This is an automated archive.
The original was posted on /r/ubiquiti by /u/ThaGuvNa on 2023-08-15 20:56:44+00:00.
Forgive what (I’m hoping) is a silly question.
This morning I updated my 24-port switch, and throughout the day I’m seeing a load of logs in the “Triggers” part of the System Log. It appears multiple random devices across my network are hitting other devices on the network. These are being captured as Firewall rules. The thing is, these random devices are hitting seemingly random ports on seemingly random IP addresses… some IP addresses/subnets which don’t even exist across my networks. For instance, my printer was trying my office PC on port 27758, and one of my Google Home devices hit my office PC on port 8009.
This morning I saw the gateways of each network triggering the firewall by hitting 255.255.255.255 on a bunch of random ports; this was happening dozens of times per minute. AFAIK 255 doesn’t even exist on any of my networks.
What is going on? Do I need to factory reset and start fresh? Do I have an intruder? Is this just normal traffic? I’m so confused (and a little worried). If it’s a security breach, how are they sending requests from multiple devices? I only had two or three ports forwarded to a compartmentalized network. I’ve disabled these for today in order to isolate any potential breach, and a lot of the logs stopped but I’m still seeing some.
Some background: I have multiple VLANs with firewall rules disallowing them to contact one another, including a rule to prevent devices inside the networks from contacting one another, unless specifically allowed. I have an IoT network set aside for things like Chromecast/Google Home, just so my LAN is isolated. But my LAN does have rules to allow contacting those devices, one way.
I set it all up before the new “Traffic Management” was a thing, so these rules were all set up very manually. Should I reset and use Traffic Management to create these rules? Is there a better way to set up this kind of compartmentalization?
Thank you in advance!