[ previous ] [ next ] [ threads ]
 
 From:  "M. G. (Michael) de Bruin" <mg dot debruin at buum dot nl>
 To:  Evan Talley <grime at forbiddenninja dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Firewall Logs Getting Flooded!!
 Date:  Sat, 19 Jun 2004 19:29:22 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

A 224.x address is a Multicast address, and the 224.0.0.10 specifically
is an IGRP address, meant to send out IGRP (routing) tables and stuff.
For more info, see http://www.iana.org/assignments/multicast-addresses
for a list of the numbers. What you could do, is specifically block the
packets in the Webgui and tell m0n0wall not to log them.

Cheers,

Michael

Evan Talley wrote:

| Hi, I'm kind of new to m0n0wall, but it definitely rocks. I'm not too
| familiar with the firewall logging for it though. I keep getting ng0
@0:17 b
| 209.142.130.4 -> 224.0.0.10 PR eigrp len 20 (60) IN logged every 5
seconds,
| and I have no idea how to make it stop. What's really weird about it is
| neither one of the IPs are in my network. The 209.142.130.4 I believe
is my
| ISP's gateway that I'm connected to, and the 224.0.0.10 is a name server I
| think. Could this be getting logged because the packets are being rejected
| and getting returned? That's just a guess though because I really
don't know
| much about interpreting these logs. Also, if anyone knows a good site
where
| I can learn a little more on how to understand these logs, please let me
| know. Thanks.
|
|
|
| -Evan
|
| grime at forbiddenninja dot com
|
| Network Admin
|
| Port Aransas Computer Center
|
|
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFA1HfyQ9cfgf1E1Y4RAqiJAKCEIih/W5u5RrAkd4eZgXbXv1rz4QCg7d50
jevcA9pYZv+DhzcD7OVhlmI=
=ofcQ
-----END PGP SIGNATURE-----