thanks for the reply no i am not in montana, i'm in ny isn't this eating up some of my bandwidth? i'm not a pro at this , so how would i go about looking up this orgs/persons address and such to get them to stop broadcasting this ?
if it is a misconfigured address, why am i getting it? michael ----- Original Message ----- From: "Joe Biniskiewicz" <[EMAIL PROTECTED]> To: "michael" <[EMAIL PROTECTED]> Sent: Thursday, January 06, 2000 10:12 PM Subject: Re: strange logs > Okay, I checked the address, and it's owned by Kinetics Corp in Emigrant, > MT. However there is not route to that host on the Internet. It's > probably an address that they are not using right now. > > If you are not also in Montana, and the name Emigrant doesn't sound > familiar, then it's probably just someone with a misconfigured address on > the same Cable ISP as you are. > > You should find the address in your arp table, though that won't tell you > much except for the MAC address. At any rate it's nothing to worry about. > -joeb > > > At 09:26 AM 01/06/2000 -0500, michael wrote: > >yes i am on a cablemodem. > >but, mys isp is not in the 199.xxx range. > >and this just started yesterday afternoon. i've had my cable setup for > >almost a year now with various firewalls and never had this happen before. > >i've had gnatbox running for 4 months now and also no alarms like this have > >been set. > > > > > >----- Original Message ----- > >From: "Joe Biniskiewicz" <[EMAIL PROTECTED]> > >To: "michael" <[EMAIL PROTECTED]> > >Cc: <[EMAIL PROTECTED]> > >Sent: Thursday, January 06, 2000 8:32 AM > >Subject: Re: strange logs > > > > > > > It would appear to me that you are on a cable modem, xDSL line or some > > > other "shared" media (bridged rather than routed). One of your neighbors > > > has a machine turned on at the ip address [199.245.180.13] . That machine > > > is sending broadcasts [255.255.255.255/1015], which is quite normal. Your > > > GB is blocking those broadcasts, which would otherwise reach your > > > network. > > > > Another possibility is that "someone" has a machine configured with that > >IP > > > address on the EXT interface. What is your GB EXT Interface plugged into, > > > and what else is plugged in there? > > > > > > The fact that your neighbor has no PTR record in DNS is only a testament > >to > > > sloppy administration on the part of the owner of that network address > >(the > > > ISP is most likely the "owner"). All IP addresses should have an A > > > (forward) and a PTR (reverse) DNS entry. (another discussion entirely, > > > though some misinformed administrators believe that security is enhanced > >by > > > improperly configuring DNS. Go figure!). > > > > > > The fact that you cannot ping that address indicates that the ISP may be > > > blocking/filtering ICMP packets, probably as a security measure, and to > > > discourage the extra bandwidth of traceroutes, etc., or that because it > >may > > > be an illegal address on that network, that it's not within the scope of > > > your EXT interface IP subnet, or that the host is configured not to > >respond > > > to ICMP traffic. > > > > > > The solution is to set your alarm thresholds high enough that you don't > >get > > > email and pager messages regarding these broadcasts, and then otherwise > > > ignore them. > > > -joeb > > > > > > At 10:51 PM 01/05/2000 -0500, michael wrote: > > > >i have a strange occurence going on on my gnatbox. > > > >suddenly this afternoon i've been getting multiple messages on the > >gnatbox > > > >message screen. > > > >here is what i am recieving..... > > > > > > > >Jan 5 22:32:43 FILTER: remote access filter blocks:UDP bcast fxp0 > > > >[199.245.180.13/1015] ->[255.255.255.255/1015] l=148 > > > > > >
