disloops

I recently needed to run Nmap against a ton of hosts at once but my internet connection died as soon as I launched all the concurrent threads. That had never happened before – turns out that I maxed out the “state table” on my SG-2440 pfSense router.

The default settings allow it to hold 405,000 max connections in the firewall state table. Every million states take about a gig of RAM and the router has 4 gig total, so the default is to let the state table take up 10% of the total memory capacity at most. Apparently running around 50+ Nmap threads against all ports per host maxes that out immediately.

I had to SSH into the router and flush the state table (“pfctl -F states”) to get my connection working again. Then I bumped the max states up to 3M and I scaled back the number of Nmap threads I’m running. Now it works but I thought that was a funny problem to come across; I didn’t foresee my fancy router being the bottleneck.
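A quick way to see the problem coming next time is to compare the live state count against the hard limit before launching a big scan. The script below is an added example, not code from the original post: its two sample outputs are constructed to mimic what `pfctl -si` and `pfctl -sm` print on a pfSense box (the "current entries" and "states hard limit" lines are the ones it parses), and the 80% threshold is an arbitrary choice.

```shell
#!/bin/sh
# Added example (not from the original post): check pf state table utilisation
# so a large Nmap run can be throttled before the router stops forwarding.
# The two samples below are constructed to look like `pfctl -si` and
# `pfctl -sm` output on pfSense; on a real router feed in the live output.

SAMPLE_PFCTL_SI='Status: Enabled for 3 days 04:12:07           Debug: Urgent

State Table                          Total             Rate
  current entries                   398217
  searches                       987654321        12345.6/s
  inserts                         45678901          567.8/s
  removals                        45280684          563.1/s'

SAMPLE_PFCTL_SM='states        hard limit   405000
src-nodes     hard limit   405000
frags         hard limit     5000
table-entries hard limit   200000'

# current_states: number of entries now in the state table (from pfctl -si).
current_states() {
    printf '%s\n' "$1" | awk '/current entries/ { print $3 }'
}

# state_limit: the configured hard limit on states (from pfctl -sm).
state_limit() {
    printf '%s\n' "$1" | awk '$1 == "states" && /hard limit/ { print $NF }'
}

# state_usage_pct: integer percentage of the hard limit currently in use.
state_usage_pct() {
    cur=$(current_states "$1")
    lim=$(state_limit "$2")
    echo $(( cur * 100 / lim ))
}

# check_state_table: returns 0 when usage is below the threshold (default 80%),
# 1 when the table is close enough to full that new connections will start
# being dropped.
check_state_table() {
    pct=$(state_usage_pct "$1" "$2")
    threshold=${3:-80}
    if [ "$pct" -ge "$threshold" ]; then
        echo "WARNING: state table at ${pct}% of hard limit"
        return 1
    fi
    echo "state table at ${pct}% of hard limit"
    return 0
}

# Live use on the router (as root over SSH), flushing states if it is nearly full:
#   check_state_table "$(pfctl -si)" "$(pfctl -sm)" 80 || pfctl -F states
check_state_table "$SAMPLE_PFCTL_SI" "$SAMPLE_PFCTL_SM" 80 \
    || echo "flush suggested: pfctl -F states"
```

With the constructed sample the table sits at 98% of its 405,000 limit, so the check fires. Flushing clears the symptom; the longer-term fixes are the ones in the post: raise Firewall Maximum States (System > Advanced > Firewall & NAT in the pfSense GUI, which is what `pfctl -sm` reports as the hard limit) and cap how fast Nmap opens new connections, for example with `--max-parallelism` or `--max-rate`, since every probe to a new port costs a state until it times out.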


I recently saw an article by @dnlongen on potential uses for OpenDNS:

Detecting Malware Through DNS Queries

It made me want to take advantage of OpenDNS on my home network. OpenDNS allows users to configure DNS servers that block requests for many types of content, including known malicious domains.

Because OpenDNS is owned by Cisco, you may want to consider whether it offers the level of privacy you need. It's safe to assume that they log every request and provide the information to others. But does a real internet super-villain rely on their DNS server? At least we know who owns OpenDNS – who owns your VPN?

...continue reading "OpenDNS on pfSense"