New SOHO Trying to Use Google DNS

I have a new Surf SOHO I just set up in my network. It sits inside a pfSense firewall that uses Nord DNS servers. In the pfSense firewall traffic I see the SOHO trying to connect to and being blocked by Snort with a notice: “PROTOCOL-ICMP Unusual PING detected”.

Why is the SOHO trying to connect to Google? I tried setting the DNS and Health Check DNS to the Nord servers and it didn’t make a difference. I gave the SOHO a static IP and it’s still the same.


Hi, Surf SOHO sends some kinds of packets with the TTL (time-to-live) set to a very small value to the next-hop router and expects an ICMP TTL-expired reply from the router; this information contributes to WAN quality. is one of the targets.

There is no way to stop this checking in 8.0.0.
In the upcoming 8.0.1, we will introduce an option to disable WAN quality monitoring, which will disable these packets.
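
For triaging alerts like this from a packet capture, here is an added example (not from the thread or the vendor) that separates TTL-limited probes and their TTL-expired replies from ordinary pings. It assumes the probes are ICMP echo requests, as the Snort alert suggests; the addresses, the `low_ttl` threshold and all function names are constructed for illustration.

```python
import struct

def ip_bytes(addr):
    return bytes(int(part) for part in addr.split("."))

def ip_text(raw):
    return ".".join(str(b) for b in raw)

def build_ipv4_icmp(src, dst, ttl, icmp_type, icmp_code, payload=b""):
    """Build a minimal IPv4+ICMP packet for the sample data (checksums left at zero)."""
    icmp = struct.pack("!BBHI", icmp_type, icmp_code, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0,
                     ttl, 1, 0, ip_bytes(src), ip_bytes(dst))
    return ip + icmp

def classify(packet, low_ttl=3):
    """Return (kind, sender, probed_target) for one raw IPv4 packet.

    low_ttl is an assumed cut-off for "a very small value"; tune it to the capture.
    """
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    ttl, proto = packet[8], packet[9]
    src, dst = ip_text(packet[12:16]), ip_text(packet[16:20])
    if proto != 1 or len(packet) < ihl + 8:
        return ("other", src, dst)        # not ICMP, or truncated
    icmp_type, icmp_code = packet[ihl], packet[ihl + 1]
    if icmp_type == 8:                    # echo request
        kind = "ttl-limited-probe" if ttl <= low_ttl else "ordinary-echo"
        return (kind, src, dst)
    if icmp_type == 11 and icmp_code == 0:  # time exceeded in transit
        inner = packet[ihl + 8:]          # quoted header of the expired packet
        target = ip_text(inner[16:20]) if len(inner) >= 20 else None
        return ("ttl-expired-reply", src, target)
    return ("other", src, dst)

# Constructed sample packets using documentation address ranges.
SOHO, ROUTER, TARGET = "192.0.2.10", "192.0.2.1", "198.51.100.53"
PROBE = build_ipv4_icmp(SOHO, TARGET, 1, 8, 0, b"probe")
REPLY = build_ipv4_icmp(ROUTER, SOHO, 64, 11, 0, PROBE[:28])
NORMAL = build_ipv4_icmp(SOHO, TARGET, 64, 8, 0, b"ping")

if __name__ == "__main__":
    for name, pkt in (("probe", PROBE), ("reply", REPLY), ("normal", NORMAL)):
        print(name, classify(pkt))
```

A probe whose TTL-expired reply comes from the next-hop router never reached the addressed target, which is what distinguishes this traffic from a real connection to it.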