Is this a normal inbound traffic?

Comments

4 comments

  • Avatar
    Michael Bierman

    Those look to be all inbound (ingress) traffic. Because you have the old router in bridge mode, it isn’t protecting you at all. Firewalla is getting all inbound traffic. All normal. You can’t stop people from knocking at your door. If you have the default Firewalla rule blocking incoming traffic, it will all stay out.

    1
    Comment actions Permalink
  • Avatar
    PintOfBass4l

    I assume propel is a utility/program or the word people with a twist, new to networking so could go either way.

    I can't stop the knocking but is that knocking targeted to me (got the product and did the homework as my network was hacked and my PC bricked.). If this is just everybody stuff then I don't need to worry.

    -1
    Comment actions Permalink
  • Avatar
    Michael Bierman

    Sorry typos fixed above. 

    There's no correlation between the introduction of Firewalla and these attack attempts. Very likely you were the target of attacks in the past and didn't know. Firewalla provides more insight than many routers into what's going on. 

    1
    Comment actions Permalink
  • Avatar
    Braedach

    PintOfBass4I,

    You will find that you will get a staggering number of blocked flows inbound.  If you turn on the default features in firewalla and enable the default target lists, you will also get a lot of outbound blocks as well - most related to advertising and privacy.

    My advice is to get use to what is normal and what is not.  You need to pay attention more to your abnormal uploads as this is traffic that is leaving your network and going elsewhere.  Android and Windows are noisy operating systems - Linux quiet.  I have <40 devices behind my Firewalla.

    As Michael said, since you bridged your router and allowed all traffic to hit the Firewalla you are seeing what is really going on and has been for some time.  I have included screenshots of my Firewalla to help give you a second perspective.  

    The geotagging is not exactly accurate.  I believe this is caused by the use of Maxmind rather than ipinfo which uses a more complex speed of light calculation based on medium to ascertain location.  It's complicated.

    At the moment I am more interested in Zeek which I believe is the nuts and bolts of Firewalla defence.




    0
    Comment actions Permalink

Please sign in to leave a comment.