• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Constant IPv6 pings to my firewall

Joined
Jul 21, 2015
Messages
501 (0.16/day)
I'm not real up on IPv6, I don't use it (it's disabled on my LAN, including Teredo) but over the past day or so I've seen a near-constant flood of pings from a single IPv6 address to ff02::1.. Is this a persistent script kiddie whose scanner is stuck on me or what? My logs are usually filled with IPv4 port scans from the usual hacker havens (China, Russia, India, etc) but they usually scan a couple times and thats it. What is the significance of this ff02::1?

 
Joined
Feb 19, 2006
Messages
6,270 (0.95/day)
Location
New York
Processor INTEL CORE I9-9900K @ 5Ghz all core 4.7Ghz Cache @1.305 volts
Motherboard ASUS PRIME Z390-P ATX
Cooling CORSAIR HYDRO H150I PRO RGB 360MM 6x120mm fans push pull
Memory CRUCIAL BALLISTIX 3000Mhz 4x8 32gb @ 4000Mhz
Video Card(s) EVGA GEFORECE RTX 2080 SUPER XC HYBRID GAMING
Storage ADATA XPG SX8200 Pro 1TB 3D NAND NVMe,Intel 660p 1TB m.2 ,1TB WD Blue 3D NAND,500GB WD Blue 3D NAND,
Display(s) 50" Sharp Roku TV 8ms responce time and Philips 75Hz 328E9QJAB 32" curved
Case BLACK LIAN LI O11 DYNAMIC XL FULL-TOWER GAMING CASE,
Power Supply 1600 Watt
Software Windows 10
It is not as hacker it is a listener and is happening local not via the internet. Part of multicast.
 
Last edited:
Joined
Jul 21, 2015
Messages
501 (0.16/day)
It is not as hacker it is a listener and is happening local not via the internet. Part of multicast.

It's not local, it's being blocked by the firewall at the WAN interface. And as I said, nothing on my LAN uses IPv6, it's disabled in everything...
 
Joined
Feb 19, 2006
Messages
6,270 (0.95/day)
Location
New York
Processor INTEL CORE I9-9900K @ 5Ghz all core 4.7Ghz Cache @1.305 volts
Motherboard ASUS PRIME Z390-P ATX
Cooling CORSAIR HYDRO H150I PRO RGB 360MM 6x120mm fans push pull
Memory CRUCIAL BALLISTIX 3000Mhz 4x8 32gb @ 4000Mhz
Video Card(s) EVGA GEFORECE RTX 2080 SUPER XC HYBRID GAMING
Storage ADATA XPG SX8200 Pro 1TB 3D NAND NVMe,Intel 660p 1TB m.2 ,1TB WD Blue 3D NAND,500GB WD Blue 3D NAND,
Display(s) 50" Sharp Roku TV 8ms responce time and Philips 75Hz 328E9QJAB 32" curved
Case BLACK LIAN LI O11 DYNAMIC XL FULL-TOWER GAMING CASE,
Power Supply 1600 Watt
Software Windows 10
It's not local, it's being blocked by the firewall at the WAN interface. And as I said, nothing on my LAN uses IPv6, it's disabled in everything...
even disabled it will still have that listener.
Most firewalls will detect local as well so that doesn't matter.
 

hat

Enthusiast
Joined
Nov 20, 2006
Messages
21,731 (3.43/day)
Location
Ohio
System Name Starlifter :: Dragonfly
Processor i7 2600k 4.4GHz :: i5 10400
Motherboard ASUS P8P67 Pro :: ASUS Prime H570-Plus
Cooling Cryorig M9 :: Stock
Memory 4x4GB DDR3 2133 :: 2x8GB DDR4 2400
Video Card(s) PNY GTX1070 :: Integrated UHD 630
Storage Crucial MX500 1TB, 2x1TB Seagate RAID 0 :: Mushkin Enhanced 60GB SSD, 3x4TB Seagate HDD RAID5
Display(s) Onn 165hz 1080p :: Acer 1080p
Case Antec SOHO 1030B :: Old White Full Tower
Audio Device(s) Creative X-Fi Titanium Fatal1ty Pro - Bose Companion 2 Series III :: None
Power Supply FSP Hydro GE 550w :: EVGA Supernova 550
Software Windows 10 Pro - Plex Server on Dragonfly
Benchmark Scores >9000
I don't know much about this stuff, but logic tells me it may be something else, or at least have some unusual underlying cause, since he said it didn't start happening until "a day or so" ago.
 
Joined
Jul 21, 2015
Messages
501 (0.16/day)
even disabled it will still have that listener.
Most firewalls will detect local as well so that doesn't matter.

Bro. It is NOT LOCAL. It is coming in from the WAN. REPEAT. NOT. LOCAL. See on the third column where it says "WAN"? That means it is an INBOUND request.

I don't know much about this stuff, but logic tells me it may be something else, or at least have some unusual underlying cause, since he said it didn't start happening until "a day or so" ago.

Thank you! I've been using pfSense for over 5 years, and I have NEVER seen a flood like this.

And it is still going....

 

eidairaman1

The Exiled Airman
Joined
Jul 2, 2007
Messages
40,435 (6.61/day)
Location
Republic of Texas (True Patriot)
System Name PCGOD
Processor AMD FX 8350@ 5.0GHz
Motherboard Asus TUF 990FX Sabertooth R2 2901 Bios
Cooling Scythe Ashura, 2×BitFenix 230mm Spectre Pro LED (Blue,Green), 2x BitFenix 140mm Spectre Pro LED
Memory 16 GB Gskill Ripjaws X 2133 (2400 OC, 10-10-12-20-20, 1T, 1.65V)
Video Card(s) AMD Radeon 290 Sapphire Vapor-X
Storage Samsung 840 Pro 256GB, WD Velociraptor 1TB
Display(s) NEC Multisync LCD 1700V (Display Port Adapter)
Case AeroCool Xpredator Evil Blue Edition
Audio Device(s) Creative Labs Sound Blaster ZxR
Power Supply Seasonic 1250 XM2 Series (XP3)
Mouse Roccat Kone XTD
Keyboard Roccat Ryos MK Pro
Software Windows 7 Pro 64
Check your services, run mbam, sbsad, sas.

If in question contact your isp for packet sniffers, or refresh your external ip address.
 
Joined
Mar 18, 2008
Messages
5,717 (0.98/day)
System Name Virtual Reality / Bioinformatics
Processor Undead CPU
Motherboard Undead TUF X99
Cooling Noctua NH-D15
Memory GSkill 128GB DDR4-3000
Video Card(s) EVGA RTX 3090 FTW3 Ultra
Storage Samsung 960 Pro 1TB + 860 EVO 2TB + WD Black 5TB
Display(s) 32'' 4K Dell
Case Fractal Design R5
Audio Device(s) BOSE 2.0
Power Supply Seasonic 850watt
Mouse Logitech Master MX
Keyboard Corsair K70 Cherry MX Blue
VR HMD HTC Vive + Oculus Quest 2
Software Windows 10 P
NSA guy trying to check on your porn stash maybe.
 
Joined
Jul 13, 2016
Messages
2,793 (0.99/day)
Processor Ryzen 7800X3D
Motherboard ASRock X670E Taichi
Cooling Noctua NH-D15 Chromax
Memory 32GB DDR5 6000 CL30
Video Card(s) MSI RTX 4090 Trio
Storage Too much
Display(s) Acer Predator XB3 27" 240 Hz
Case Thermaltake Core X9
Audio Device(s) Topping DX5, DCA Aeon II
Power Supply Seasonic Prime Titanium 850w
Mouse G305
Keyboard Wooting HE60
VR HMD Valve Index
Software Win 10
I'm not real up on IPv6, I don't use it (it's disabled on my LAN, including Teredo) but over the past day or so I've seen a near-constant flood of pings from a single IPv6 address to ff02::1.. Is this a persistent script kiddie whose scanner is stuck on me or what? My logs are usually filled with IPv4 port scans from the usual hacker havens (China, Russia, India, etc) but they usually scan a couple times and thats it. What is the significance of this ff02::1?


You can google that IPv6 address, it's a common multi-cast address for streaming content. Unlikely that it has anything to do with hackers.
https://en.wikipedia.org/wiki/IP_multicast
 

Solaris17

Super Dainty Moderator
Staff member
Joined
Aug 16, 2005
Messages
25,774 (3.79/day)
Location
Alabama
System Name Rocinante
Processor I9 14900KS
Motherboard EVGA z690 Dark KINGPIN (modded BIOS)
Cooling EK-AIO Elite 360 D-RGB
Memory 64GB Gskill Trident Z5 DDR5 6000 @6400
Video Card(s) MSI SUPRIM Liquid X 4090
Storage 1x 500GB 980 Pro | 1x 1TB 980 Pro | 1x 8TB Corsair MP400
Display(s) Odyssey OLED G9 G95SC
Case Lian Li o11 Evo Dynamic White
Audio Device(s) Moondrop S8's on Schiit Hel 2e
Power Supply Bequiet! Power Pro 12 1500w
Mouse Lamzu Atlantis mini (White)
Keyboard Monsgeek M3 Lavender, Akko Crystal Blues
VR HMD Quest 3
Software Windows 11
Benchmark Scores I dont have time for that.
It's not local, it's being blocked by the firewall at the WAN interface. And as I said, nothing on my LAN uses IPv6, it's disabled in everything...

Be that as it may its local. My IPv6 is disabled and windows will still try to broadcast using that address.

I took the liberty of visually referencing the needed tables below. I'm sure you will be able to make quick work of it with your extensive networking knowledge.



Bro. It is NOT LOCAL. It is coming in from the WAN. REPEAT. NOT. LOCAL. See on the third column where it says "WAN"? That means it is an INBOUND request.

While it may be out of turn when networking people respond to a networking question and the "meta" answer is that you are wrong you would do well to be a little more polite and open minded about what you consider fact.
 
Last edited:

eidairaman1

The Exiled Airman
Joined
Jul 2, 2007
Messages
40,435 (6.61/day)
Location
Republic of Texas (True Patriot)
System Name PCGOD
Processor AMD FX 8350@ 5.0GHz
Motherboard Asus TUF 990FX Sabertooth R2 2901 Bios
Cooling Scythe Ashura, 2×BitFenix 230mm Spectre Pro LED (Blue,Green), 2x BitFenix 140mm Spectre Pro LED
Memory 16 GB Gskill Ripjaws X 2133 (2400 OC, 10-10-12-20-20, 1T, 1.65V)
Video Card(s) AMD Radeon 290 Sapphire Vapor-X
Storage Samsung 840 Pro 256GB, WD Velociraptor 1TB
Display(s) NEC Multisync LCD 1700V (Display Port Adapter)
Case AeroCool Xpredator Evil Blue Edition
Audio Device(s) Creative Labs Sound Blaster ZxR
Power Supply Seasonic 1250 XM2 Series (XP3)
Mouse Roccat Kone XTD
Keyboard Roccat Ryos MK Pro
Software Windows 7 Pro 64
Be that as it may its local. My IPv6 is disabled and windows will still try to broadcast using that address.

I took the liberty of visually referencing the needed tables below. I'm sure you will be able to make quick work of it with your extensive networking knowledge.





While it may be out of turn when networking people respond to a networking question and the "meta" answer is that you are wrong you would do well to be a little more polite and open minded about what you consider fact.

I wonder if a registry hack will kill it totally
 
Top