It would appear to me that you are on a cable modem, xDSL line or some other "shared" media (bridged rather than routed). One of your neighbors has a machine turned on at the ip address [199.245.180.13] . That machine is sending broadcasts [255.255.255.255/1015], which is quite normal. Your GB is blocking those broadcasts, which would otherwise reach your network. Your machines are sending broadcasts too, and he is receiving the ones send by your WAN gateway (your GNAT Box), but he just doesn't know it if he doesn't have a GB or some other firewall with logging capability.
Another possibility is that "someone" has a machine configured with that IP address on the EXT interface. What is your GB EXT Interface plugged into, and what else is plugged in there? The fact that your neighbor has no PTR record in DNS is only a testament to sloppy administration on the part of the owner of that network address (the ISP is most likely the "owner"). All IP addresses should have an A (forward) and a PTR (reverse) DNS entry. (another discussion entirely, though some misinformed administrators believe that security is enhanced by improperly configuring DNS. Go figure!). The fact that you cannot ping that address indicates that the ISP may be blocking/filtering ICMP packets, probably as a security measure, and to discourage the extra bandwidth of traceroutes, etc., or that because it may be an illegal address on that network, that it's not within the scope of your EXT interface IP subnet, or that the host is configured not to respond to ICMP traffic. The solution is to set your alarm thresholds high enough that you don't get email and pager messages regarding these broadcasts, and then otherwise ignore them. -joeb At 10:51 PM 01/05/2000 -0500, michael wrote: >i have a strange occurence going on on my gnatbox. >suddenly this afternoon i've been getting multiple messages on the gnatbox >message screen. >here is what i am recieving..... > >Jan 5 22:32:43 FILTER: remote access filter blocks:UDP bcast fxp0 >[199.245.180.13/1015] ->[255.255.255.255/1015] l=148 > >JAN 5 22:35:56 last message repeated 22 times >JAN 5 22:37:41 last message repeated 71 times > > >these messages keep repeating over and over > >obviously it is gnatbox blocking access into my internal lan,BUT when i >ping this address i get no response. >if i do a DNS lookup i get a " cannot resolve " message. > >is someone trying to get into me with a spoofed address? >how can i stop this? > >any help would be appreciated. > >tia >michael g > ---------- Joe Biniskiewicz EdgeGate Networks 531 Racquet Club Lane Thousand Oaks, CA 91360 Tel: 805 496-6043 Fax: 805 435-2000 ----------
