Is this a normal inbound traffic?
My firewalla is currently just protecting it's self, no system behind it yet. Router in bridge mode and fwg- in routing mode. Should have my new PC and an AP to add to the network soon. That's where I am at. Checked the fw app this morning and I went from no blocked flows inbound to 21,000+ in the last 24 hours with this spam starting yesterday just before noon, so about 36 hours of hits. I have screens off my phone of the list, every country you can think of is hitting me up. Is this normal Internet stuff or not?
https://photos.app.goo.gl/iYn1P6ofhzPJ2AB46
-
Those look to be all inbound (ingress) traffic. Because you have the old router in bridge mode, it isn’t protecting you at all. Firewalla is getting all inbound traffic. All normal. You can’t stop people from knocking at your door. If you have the default Firewalla rule blocking incoming traffic, it will all stay out.
-
I assume propel is a utility/program or the word people with a twist, new to networking so could go either way.
I can't stop the knocking but is that knocking targeted to me (got the product and did the homework as my network was hacked and my PC bricked.). If this is just everybody stuff then I don't need to worry.
-
PintOfBass4I,
You will find that you will get a staggering number of blocked flows inbound. If you turn on the default features in firewalla and enable the default target lists, you will also get a lot of outbound blocks as well - most related to advertising and privacy.
My advice is to get use to what is normal and what is not. You need to pay attention more to your abnormal uploads as this is traffic that is leaving your network and going elsewhere. Android and Windows are noisy operating systems - Linux quiet. I have <40 devices behind my Firewalla.
As Michael said, since you bridged your router and allowed all traffic to hit the Firewalla you are seeing what is really going on and has been for some time. I have included screenshots of my Firewalla to help give you a second perspective.The geotagging is not exactly accurate. I believe this is caused by the use of Maxmind rather than ipinfo which uses a more complex speed of light calculation based on medium to ascertain location. It's complicated.
At the moment I am more interested in Zeek which I believe is the nuts and bolts of Firewalla defence.
Please sign in to leave a comment.
Comments
4 comments