I have a weird situation here at home. For about the last 48 hours my IPFire opens ‘thousands’ of connections from its own gateway IP with accidental ports in a range from 43000 to about 54000 to its own gateway IP on port 81. I can see that in the connection tracking screen. Black coloured lines all overall there. Status is ‘TIME_WAIT’.
CPU load goes to nearly 100%. The Status information screen → CPU diagram shows 80% CPU usage by ‘user’.
I did not install anything. No new services or such. I only do the updates. I do not use virus scanning or intrusion prevention. Only Squid non-transparent on port 800, URL-Filter, unbound DNS over TLS, DHCP. All ports are blocked for Forward chain as a standard. Also port 81 is not opened by me. I have several rules for outgoing ports. Nothing changed since Saturday only some ports opened for two new multiplayer games of my son on Saturday and today.
Core 153 running for several weeks now without problems until Saturday evening. Reboots do not solve the problem. After restart the CPU goes to nearly 100% load instantly.
Did someone encounter the same problem in the past? A web search did not show anything except this unanswered post in the old forum in German: