Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 30 Jun 2001 01:55:13 +0100
From:      John Murphy <jfm@blueyonder.co.uk>
To:        "Ian P. Thomas" <ipthomas_77@yahoo.com>
Cc:        questions@FreeBSD.ORG
Subject:   Re: firewall log output
Message-ID:  <ba7qjtk3g9p7ol9f258s81t7s87vs8s63v@4ax.com>
In-Reply-To: <200106292300.TAA00818@scraemondaemon.my.domain>
References:  <ne5pjt0gsm9e6cg2q0fdaj63i1tgcifn80@4ax.com> <200106292300.TAA00818@scraemondaemon.my.domain>

next in thread | previous in thread | raw e-mail | index | archive | help
"Ian P. Thomas" <ipthomas_77@yahoo.com> wrote:

>	You're right, it is a Motorola Surfboard.  Any way to turn it off?  It
>fills up my log and I have to reset it to zero.  This last message is =
the
>only other one I see.  I get three in a row and then the Surfboard trys =
to
>call ALL-SYSTEMS.
>
>ipfw: 65435 Deny UDP 24.49.96.10:2301 255.255.255.255:2301 in via fxp0
>
>	It's a UDP but the originating IP isn't mine and 2301 isn't listed
>online or in /etc/services.  Am I right in thinking that the
>255.xxx.xxx.xxx is the entire subnet for all cable modem users in my =
area
>and that this UDP packet is being sent to all of them?

The 255.255.255.255 address looks more like a subnet mask or a broadcast
address and seems to originate from someone on the same class C as you.

I use IPFilter myself so I can't say how you would stop them filling
your ipfw log.  I use the following to block without logging the
packets from the modem:
block in quick on ed0 from 192.168.100.1/32 to 224.0.0.1/32
or
block in log quick on ed0 from 192.168.100.1/32 to 224.0.0.1/32
if I wanted to log them.

IPFilter rules ;)
John.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ba7qjtk3g9p7ol9f258s81t7s87vs8s63v>