Joel Hammer wrote:
>
> PROTO=2 192.168.100.1:65535 224.0.0.1:65535
> Does anyone know what this activity on my external NIC means?
> My machine is neither of these two IPs.
> This occurs all day, about 5000 hits in the last 5 days.
> Been going on for months.
> My /etc/protocol gives the following info:
> igmp 2 IGMP # internet group multicast protocol
>
> nslookup 224.0.0.1 :
> ALL-SYSTEMS.MCAST.NET
> Address: 224.0.0.1
>
> 192.168.100.1 can't be found with nslookup.
Well, it looks like a bunch of multicast traffic from inside the @home
network (you are @home correct?) which they are likely using for
monitoring and config of the internal workings of your segment.
My suggestion is to block all private network traffic on your external
NIC:
ipchains -A input -s 192.168.0.0/255.255.0.0 -d youriphere -i eth0 -j DENY -l
and block all multicast traffic (unless you are using it for some reason
at home):
ipchains -A input -s 0.0.0.0/0.0.0.0 -d 224.0.0.0/240.0.0.0 -j DENY -l
Once you are sure that you are catching all this, I'd remove the -l
(logging) and put it to bed. I've had to do this with a few recurring
things in the past, DNS broadcasts and IIRC I've done this very thing
with MCast traffic on my firewall. There's quite a bit of internal
chatter on @home.
--
Linux StepByStep [http://members.home.net/linuxsteps/]
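
Added example (not part of the original message): a short Python check of which source/destination matches would select the logged packet, useful for confirming a rule catches the traffic before dropping the logging flag. The rule names, the 203.0.113.7 stand-in for "youriphere", and every log line but the first are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the first line is the fragment quoted in the post,
# the others are invented for contrast (documentation address ranges).
SAMPLE_LOG = """\
PROTO=2 192.168.100.1:65535 224.0.0.1:65535
PROTO=17 10.4.0.9:137 203.0.113.7:137
PROTO=6 198.51.100.20:4431 203.0.113.7:80
"""
MY_IP = "203.0.113.7"  # placeholder standing in for "youriphere"

LINE_RE = re.compile(r"PROTO=(\d+)\s+([\d.]+):(\d+)\s+([\d.]+):(\d+)")

def parse(line):
    """Return (proto, src, dst) from a log fragment, or None if it does not parse."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return int(m.group(1)), ipaddress.ip_address(m.group(2)), ipaddress.ip_address(m.group(4))

def matches(packet, src="0.0.0.0/0", dst="0.0.0.0/0"):
    """True if the packet lies inside both networks, which is how a
    -s/-d pair in a filter rule selects packets."""
    _, psrc, pdst = packet
    return psrc in ipaddress.ip_network(src) and pdst in ipaddress.ip_network(dst)

def coverage(log_text, rules):
    """For each parsable line, list the names of the rules that would match it."""
    result = []
    for line in log_text.splitlines():
        pkt = parse(line)
        if pkt is not None:
            result.append([name for name, src, dst in rules if matches(pkt, src, dst)])
    return result

# Hypothetical rule set expressed as (name, source net, destination net).
RULES = [
    ("private-src-to-me", "192.168.0.0/16", MY_IP + "/32"),
    ("private-src-any", "192.168.0.0/16", "0.0.0.0/0"),
    ("multicast-dst", "0.0.0.0/0", "224.0.0.0/4"),
    ("multicast-src", "224.0.0.0/4", "0.0.0.0/0"),
]

if __name__ == "__main__":
    for line, hits in zip(SAMPLE_LOG.splitlines(), coverage(SAMPLE_LOG, RULES)):
        print(f"{line:50} -> {hits or 'no rule matches'}")
```

The IGMP packet from the post is selected only by matches that leave the destination open or name the multicast range as the destination; a match tied to the host's own address or to a multicast source does not select it.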