Rob:
        Heya. Victor's answer is spot-on:

> > Jul  1 00:44:38 pdrtr kernel: Packet log: input DENY eth0 PROTO=2
> > 192.168.100.1:65535 224.0.0.1:65535 L=28 S=0xC0 I=0 F=0x0000 T=1 (#9)
> 
> These are multi-cast packets, possibly from your ISP or a misconfigured
> clown on your cable network who is spewing them out.  Multicast packets
> stay within a network - and are not supposed to pass through the routers
> onto the Internet, so these packets are coming from close by.

        Agreed: see the Time-to-Live there set to just "1", so
the machine which generated it should be just 1 hop away (i.e., it's
your ISP's router). For more details, plug the log entry into this:

        http://www.echogent.com/cgi-bin/fwlog.pl

        To stop your logs from filling, it's easy enough to add
some "ignore broadcast address traffic" rules to your firewall 
setup. I put these into the echowall.rules file:

$IPCHAINS -A input -i $IF_EXT -b -s 0.0.0.0/8 -j DENY
$IPCHAINS -A input -i $IF_EXT -b -s 169.254.0.0/16 -j DENY
$IPCHAINS -A input -i $IF_EXT -b -s 192.0.2.0/24 -j DENY
$IPCHAINS -A input -i $IF_EXT -b -s 224.0.0.0/4 -j DENY
$IPCHAINS -A input -i $IF_EXT -b -s 240.0.0.0/5 -j DENY
$IPCHAINS -A input -i $IF_EXT -b -s 248.0.0.0/5 -j DENY

        Helps keep down on the clutter. Hope it helps!

-Scott
        




_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-user
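
An added example, not part of the original post: a small Python parser for the ipchains log entry quoted above, which decodes the fields discussed in the thread (PROTO=2 is IGMP, T=1 is the TTL) and checks which of the six rules would catch the packet. It assumes the packet arrived on the external interface and models `-b` as "match with source and destination swapped as well"; the function names are hypothetical.

```python
import ipaddress
import re

# Log entry quoted in the thread above, rejoined onto one line.
SAMPLE = ("Jul  1 00:44:38 pdrtr kernel: Packet log: input DENY eth0 PROTO=2 "
          "192.168.100.1:65535 224.0.0.1:65535 L=28 S=0xC0 I=0 F=0x0000 T=1 (#9)")

# Address ranges from the six rules in the message, in rule order.
RULE_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "169.254.0.0/16", "192.0.2.0/24",
    "224.0.0.0/4", "240.0.0.0/5", "248.0.0.0/5")]

# chain, action, interface, protocol, src:port, dst:port, then
# L=length S=TOS I=IP id F=fragment field T=TTL (#rule number)
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ipid>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)(?: \(#(?P<rule>\d+)\))?")

PROTO_NAMES = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP"}

def parse(line):
    """Turn one ipchains 'Packet log:' line into a dict of typed fields."""
    m = LOG_RE.search(line)
    if m is None:
        raise ValueError("not an ipchains packet log line")
    f = m.groupdict()
    for key in ("proto", "sport", "dport", "length", "ipid", "ttl"):
        f[key] = int(f[key])
    f["rule"] = int(f["rule"]) if f["rule"] else None
    f["src"] = ipaddress.ip_address(f["src"])
    f["dst"] = ipaddress.ip_address(f["dst"])
    f["proto_name"] = PROTO_NAMES.get(f["proto"], str(f["proto"]))
    return f

def first_match(pkt, bidirectional=True):
    """Return (network, matched field) for the first matching rule, else None."""
    for net in RULE_NETS:
        if pkt["src"] in net:
            return net, "src"
        if bidirectional and pkt["dst"] in net:  # the reversed rule added by -b
            return net, "dst"
    return None

if __name__ == "__main__":
    pkt = parse(SAMPLE)
    print(pkt["proto_name"], pkt["src"], "->", pkt["dst"], "TTL", pkt["ttl"])
    print("with -b:   ", first_match(pkt, True))
    print("without -b:", first_match(pkt, False))
```

The logged packet has an ordinary source address and a multicast destination, so the `-s 224.0.0.0/4` rule catches it only because of `-b`; with a source-only match none of the six rules would apply and the entry would keep being logged.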
