On Sat, 20 Apr 2002 07:43:18 -0500 "will trillich" <[EMAIL PROTECTED]> wrote:
> when i first set up ipCop (ipcop.org) i got about 18mb of
> logfile in one afternoon from the default firewall logging rules
> (via ipchains on potato):
>
> Apr 2 12:18:41 troll kernel: Packet log: input - eth1 PROTO=89
> 63.64.14.221:65535 224.0.0.5:65535 L=64 S=0x00 I=21723 F=0x0000 T=1 (#8)

Well, let's dissect a bit of that entry. The PROTO=89 means that the packet you got was using OSPFIGP (Open Shortest Path First IGP). Next, IIRC, the 63.64.14.221:65535 is the source portion of the packet. This appears to be part of "sigecom.net". The 224.0.0.5:65535 (or destination) is the part that I'm more interested in. This is part of "mcast.net".

I too have recently seen a lot of these messages. From what I understand, unless you are using multicast, you can safely block these. I've added rules to my firewalls to silently drop the entire multicast range for now, 224.0.0.0/8. Since they are explicitly dropped, they never reach my logging chain (I wouldn't suggest running a firewall without one).

> is all this activity from a goofy setup by my isp? is it
> something i'm doing? surely this much probing must mean
> something...

From the limited understanding I have of multicast, I believe this to be normal operation. The idea as I understood it was that with Multicast one transmission could be received by anyone interested, thus making broadcasting much more possible.

--
Jamin W. Collins
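An added example, not part of the original message: a small Python parser for ipchains "Packet log" lines like the one quoted above. It tallies entries by protocol and destination and marks multicast destinations, so the share of a log taken up by this traffic is visible. Every line in SAMPLE_LOG except the first is constructed, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# ipchains log layout: chain, target, interface, PROTO, src:port, dst:port,
# L=length, S=TOS, I=IP id, F=fragment field, T=TTL, (#n)=matching rule number.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ipid>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+).*?\(#(?P<rule>\d+)\)"
)
# A few IANA IP protocol numbers; anything else is reported by number.
PROTO_NAMES = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP", 89: "OSPFIGP"}

SAMPLE_LOG = [
    # First line is the entry from the message; the rest are constructed.
    "Apr 2 12:18:41 troll kernel: Packet log: input - eth1 PROTO=89 "
    "63.64.14.221:65535 224.0.0.5:65535 L=64 S=0x00 I=21723 F=0x0000 T=1 (#8)",
    "Apr 2 12:18:51 troll kernel: Packet log: input - eth1 PROTO=89 "
    "63.64.14.221:65535 224.0.0.5:65535 L=64 S=0x00 I=21724 F=0x0000 T=1 (#8)",
    "Apr 2 12:19:02 troll kernel: Packet log: input - eth1 PROTO=6 "
    "192.0.2.10:4021 198.51.100.7:23 L=60 S=0x00 I=5120 F=0x4000 T=52 SYN (#8)",
    "Apr 2 12:19:05 troll kernel: eth1: link up",  # not a packet log line
]

def parse_line(line):
    """Return a dict of fields for a 'Packet log:' line, or None otherwise."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "length", "ipid", "ttl", "rule"):
        rec[key] = int(rec[key])
    rec["proto_name"] = PROTO_NAMES.get(rec["proto"], "proto-%d" % rec["proto"])
    # is_multicast is true for any address in the IPv4 multicast block.
    rec["multicast"] = ipaddress.ip_address(rec["dst"]).is_multicast
    return rec

def summarize(lines):
    """Count parsed entries per (protocol name, destination, multicast?)."""
    counts = Counter()
    for rec in filter(None, map(parse_line, lines)):
        counts[(rec["proto_name"], rec["dst"], rec["multicast"])] += 1
    return counts

if __name__ == "__main__":
    for (proto, dst, mcast), n in summarize(SAMPLE_LOG).most_common():
        print("%4d  %-8s -> %-15s %s" % (n, proto, dst, "multicast" if mcast else ""))
```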