Potential Bug/Exploit Witnessed During Unsolicited UDP Port Scanning

Started by Werewolf71, February 19, 2026, 11:53:32 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
February 19, 2026, 11:53:32 PM
Versions
OPNsense 26.1.2_5-amd64
FreeBSD 14.3-RELEASE-p8
OpenSSL 3.0.19

It was noticed today when an unknown party performed a UDP port scan on my home's public IP that a node on my private subnet would 'react' and initiate outbound UDP traffic towards the scanning IP address and source port.  See sanitized SYSLOG messages below.  I can provide more log messages, if required.

Sharing this for awareness as in checking the SYSLOG, no other traffic has been witnessed from the scanning IP address before the scan took place.


11,,,02f4bab031b57d1e30553ce08e0ec131,igc1,match,block,in,4,0x0,,54,9319,0,DF,17,udp,69,<SCANNER_IP>,<HOME_PUBLIC_IP>,51536,46652,49
11,,,02f4bab031b57d1e30553ce08e0ec131,igc1,match,block,in,4,0x0,,54,9321,0,DF,17,udp,69,<SCANNER_IP>,<HOME_PUBLIC_IP>,51536,15946,49
11,,,02f4bab031b57d1e30553ce08e0ec131,igc1,match,block,in,4,0x0,,54,9318,0,DF,17,udp,69,<SCANNER_IP>,<HOME_PUBLIC_IP>,51536,28496,49
11,,,02f4bab031b57d1e30553ce08e0ec131,igc1,match,block,in,4,0x0,,53,9317,0,DF,17,udp,69,<SCANNER_IP>,<HOME_PUBLIC_IP>,51536,64274,49
11,,,02f4bab031b57d1e30553ce08e0ec131,igc1,match,block,in,4,0x0,,53,9331,0,DF,17,udp,69,<SCANNER_IP>,<HOME_PUBLIC_IP>,51536,56299,49
11,,,02f4bab031b57d1e30553ce08e0ec131,igc1,match,block,in,4,0x0,,53,9316,0,DF,17,udp,69,<SCANNER_IP>,<HOME_PUBLIC_IP>,51536,37499,49
11,,,02f4bab031b57d1e30553ce08e0ec131,igc1,match,block,in,4,0x0,,53,9320,0,DF,17,udp,69,<SCANNER_IP>,<HOME_PUBLIC_IP>,51536,25566,49
11,,,02f4bab031b57d1e30553ce08e0ec131,igc1,match,block,in,4,0x0,,54,9323,0,DF,17,udp,69,<SCANNER_IP>,<HOME_PUBLIC_IP>,51536,41253,49
11,,,02f4bab031b57d1e30553ce08e0ec131,igc1,match,block,in,4,0x0,,54,9324,0,DF,17,udp,69,<SCANNER_IP>,<HOME_PUBLIC_IP>,51536,15935,49
11,,,02f4bab031b57d1e30553ce08e0ec131,igc1,match,block,in,4,0x0,,54,9328,0,DF,17,udp,69,<SCANNER_IP>,<HOME_PUBLIC_IP>,51536,30811,49
11,,,02f4bab031b57d1e30553ce08e0ec131,igc1,match,block,in,4,0x0,,53,9322,0,DF,17,udp,69,<SCANNER_IP>,<HOME_PUBLIC_IP>,51536,37367,49
11,,,02f4bab031b57d1e30553ce08e0ec131,igc1,match,block,in,4,0x0,,53,9325,0,DF,17,udp,69,<SCANNER_IP>,<HOME_PUBLIC_IP>,51536,35622,49
11,,,02f4bab031b57d1e30553ce08e0ec131,igc1,match,block,in,4,0x0,,53,9327,0,DF,17,udp,69,<SCANNER_IP>,<HOME_PUBLIC_IP>,51536,24423,49
11,,,02f4bab031b57d1e30553ce08e0ec131,igc1,match,block,in,4,0x0,,53,9326,0,DF,17,udp,69,<SCANNER_IP>,<HOME_PUBLIC_IP>,51536,51875,49
11,,,02f4bab031b57d1e30553ce08e0ec131,igc1,match,block,in,4,0x0,,53,9330,0,DF,17,udp,69,<SCANNER_IP>,<HOME_PUBLIC_IP>,51536,52030,49
11,,,02f4bab031b57d1e30553ce08e0ec131,igc1,match,block,in,4,0x0,,53,9329,0,DF,17,udp,69,<SCANNER_IP>,<HOME_PUBLIC_IP>,51536,53247,49
88,,,32b0c9606bf44cc4ae86af3b6e178b80,igc0,match,pass,in,4,0x0,,64,18484,0,none,17,udp,68,<HOME_NODE_PRIVATE_IP>,<SCANNER_IP>,59858,51536,48
77,,,528d46c993d2f22268135be7b26815f2,igc1,match,pass,out,4,0x0,,63,18484,0,none,17,udp,68,<HOME_PUBLIC_IP>,<SCANNER_IP>,61503,51536,48
88,,,32b0c9606bf44cc4ae86af3b6e178b80,igc0,match,pass,in,4,0x0,,64,53287,0,none,17,udp,68,<HOME_NODE_PRIVATE_IP>,<SCANNER_IP>,59858,51537,48
77,,,528d46c993d2f22268135be7b26815f2,igc1,match,pass,out,4,0x0,,63,53287,0,none,17,udp,68,<HOME_PUBLIC_IP>,<SCANNER_IP>,39173,51537,48
88,,,32b0c9606bf44cc4ae86af3b6e178b80,igc0,match,pass,in,4,0x0,,64,35093,0,none,17,udp,68,<HOME_NODE_PRIVATE_IP>,<SCANNER_IP>,59858,51538,48
77,,,528d46c993d2f22268135be7b26815f2,igc1,match,pass,out,4,0x0,,63,35093,0,none,17,udp,68,<HOME_PUBLIC_IP>,<SCANNER_IP>,59266,51538,48
88,,,32b0c9606bf44cc4ae86af3b6e178b80,igc0,match,pass,in,4,0x0,,64,3406,0,none,17,udp,68,<HOME_NODE_PRIVATE_IP>,<SCANNER_IP>,59858,51539,48
77,,,528d46c993d2f22268135be7b26815f2,igc1,match,pass,out,4,0x0,,63,3406,0,none,17,udp,68,<HOME_PUBLIC_IP>,<SCANNER_IP>,45066,51539,48
88,,,32b0c9606bf44cc4ae86af3b6e178b80,igc0,match,pass,in,4,0x0,,64,873,0,none,17,udp,68,<HOME_NODE_PRIVATE_IP>,<SCANNER_IP>,59858,51540,48
77,,,528d46c993d2f22268135be7b26815f2,igc1,match,pass,out,4,0x0,,63,873,0,none,17,udp,68,<HOME_PUBLIC_IP>,<SCANNER_IP>,2356,51540,48
88,,,32b0c9606bf44cc4ae86af3b6e178b80,igc0,match,pass,in,4,0x0,,64,33810,0,none,17,udp,68,<HOME_NODE_PRIVATE_IP>,<SCANNER_IP>,59858,51541,48
77,,,528d46c993d2f22268135be7b26815f2,igc1,match,pass,out,4,0x0,,63,33810,0,none,17,udp,68,<HOME_PUBLIC_IP>,<SCANNER_IP>,54597,51541,48
88,,,32b0c9606bf44cc4ae86af3b6e178b80,igc0,match,pass,in,4,0x0,,64,57291,0,none,17,udp,68,<HOME_NODE_PRIVATE_IP>,<SCANNER_IP>,59858,51542,48
77,,,528d46c993d2f22268135be7b26815f2,igc1,match,pass,out,4,0x0,,63,57291,0,none,17,udp,68,<HOME_PUBLIC_IP>,<SCANNER_IP>,28222,51542,48
88,,,32b0c9606bf44cc4ae86af3b6e178b80,igc0,match,pass,in,4,0x0,,64,50441,0,none,17,udp,68,<HOME_NODE_PRIVATE_IP>,<SCANNER_IP>,59858,51543,48
77,,,528d46c993d2f22268135be7b26815f2,igc1,match,pass,out,4,0x0,,63,50441,0,none,17,udp,68,<HOME_PUBLIC_IP>,<SCANNER_IP>,60136,51543,48
11,,,02f4bab031b57d1e30553ce08e0ec131,igc1,match,block,in,4,0x0,,53,9334,0,DF,17,udp,69,<SCANNER_IP>,<HOME_PUBLIC_IP>,51536,57665,49
88,,,32b0c9606bf44cc4ae86af3b6e178b80,igc0,match,pass,in,4,0x0,,64,48008,0,none,17,udp,68,<HOME_NODE_PRIVATE_IP>,<SCANNER_IP>,59858,51544,48
77,,,528d46c993d2f22268135be7b26815f2,igc1,match,pass,out,4,0x0,,63,48008,0,none,17,udp,68,<HOME_PUBLIC_IP>,<SCANNER_IP>,3600,51544,48
88,,,32b0c9606bf44cc4ae86af3b6e178b80,igc0,match,pass,in,4,0x0,,64,42554,0,none,17,udp,68,<HOME_NODE_PRIVATE_IP>,<SCANNER_IP>,59858,51545,48
77,,,528d46c993d2f22268135be7b26815f2,igc1,match,pass,out,4,0x0,,63,42554,0,none,17,udp,68,<HOME_PUBLIC_IP>,<SCANNER_IP>,15340,51545,48
88,,,32b0c9606bf44cc4ae86af3b6e178b80,igc0,match,pass,in,4,0x0,,64,25127,0,none,17,udp,68,<HOME_NODE_PRIVATE_IP>,<SCANNER_IP>,59858,51546,48
77,,,528d46c993d2f22268135be7b26815f2,igc1,match,pass,out,4,0x0,,63,25127,0,none,17,udp,68,<HOME_PUBLIC_IP>,<SCANNER_IP>,60149,51546,48
88,,,32b0c9606bf44cc4ae86af3b6e178b80,igc0,match,pass,in,4,0x0,,64,1807,0,none,17,udp,68,<HOME_NODE_PRIVATE_IP>,<SCANNER_IP>,59858,51547,48
77,,,528d46c993d2f22268135be7b26815f2,igc1,match,pass,out,4,0x0,,63,1807,0,none,17,udp,68,<HOME_PUBLIC_IP>,<SCANNER_IP>,44900,51547,48
88,,,32b0c9606bf44cc4ae86af3b6e178b80,igc0,match,pass,in,4,0x0,,64,64006,0,none,17,udp,68,<HOME_NODE_PRIVATE_IP>,<SCANNER_IP>,59858,51548,48
77,,,528d46c993d2f22268135be7b26815f2,igc1,match,pass,out,4,0x0,,63,64006,0,none,17,udp,68,<HOME_PUBLIC_IP>,<SCANNER_IP>,34174,51548,48
88,,,32b0c9606bf44cc4ae86af3b6e178b80,igc0,match,pass,in,4,0x0,,64,53892,0,none,17,udp,68,<HOME_NODE_PRIVATE_IP>,<SCANNER_IP>,59858,51549,48
77,,,528d46c993d2f22268135be7b26815f2,igc1,match,pass,out,4,0x0,,63,53892,0,none,17,udp,68,<HOME_PUBLIC_IP>,<SCANNER_IP>,42543,51549,48
88,,,32b0c9606bf44cc4ae86af3b6e178b80,igc0,match,pass,in,4,0x0,,64,22058,0,none,17,udp,68,<HOME_NODE_PRIVATE_IP>,<SCANNER_IP>,59858,51550,48
77,,,528d46c993d2f22268135be7b26815f2,igc1,match,pass,out,4,0x0,,63,22058,0,none,17,udp,68,<HOME_PUBLIC_IP>,<SCANNER_IP>,42140,51550,48
88,,,32b0c9606bf44cc4ae86af3b6e178b80,igc0,match,pass,in,4,0x0,,64,38924,0,none,17,udp,68,<HOME_NODE_PRIVATE_IP>,<SCANNER_IP>,59858,51551,48
77,,,528d46c993d2f22268135be7b26815f2,igc1,match,pass,out,4,0x0,,63,38924,0,none,17,udp,68,<HOME_PUBLIC_IP>,<SCANNER_IP>,44999,51551,48
88,,,32b0c9606bf44cc4ae86af3b6e178b80,igc0,match,pass,in,4,0x0,,64,63294,0,none,17,udp,68,<HOME_NODE_PRIVATE_IP>,<SCANNER_IP>,59858,51552,48
77,,,528d46c993d2f22268135be7b26815f2,igc1,match,pass,out,4,0x0,,63,63294,0,none,17,udp,68,<HOME_PUBLIC_IP>,<SCANNER_IP>,19522,51552,48
11,,,02f4bab031b57d1e30553ce08e0ec131,igc1,match,block,in,4,0x0,,53,9359,0,DF,17,udp,69,<SCANNER_IP>,<HOME_PUBLIC_IP>,51536,57665,49
11,,,02f4bab031b57d1e30553ce08e0ec131,igc1,match,block,in,4,0x0,,53,9367,0,DF,17,udp,69,<SCANNER_IP>,<HOME_PUBLIC_IP>,51536,57665,49
11,,,02f4bab031b57d1e30553ce08e0ec131,igc1,match,block,in,4,0x0,,53,9377,0,DF,17,udp,69,<SCANNER_IP>,<HOME_PUBLIC_IP>,51536,57665,49
Print
Go Up Pages1
User actions