From: Matthew Seaman
To: Dragoncrest
Cc: freebsd-questions@freebsd.org
Date: Fri, 18 Apr 2003 08:09:51 +0100
Subject: Re: Strange network traffic??

On Thu, Apr 17, 2003 at 10:27:57PM -0400, Dragoncrest wrote:
> Hi all.  Just a few weeks back I started noticing this traffic
> showing up on my lan and I have no idea how to explain it.  Using trafshow
> I get the from address as my router gateway for our connection coming in
> from our provider, and destination as OSPF-ALL.MCAST.NET, the protocol is
> OSPF, and it's only sending about 80 bytes of data every 30 seconds to a
> minute or so.  It's obviously not internal network traffic as source and
> destination are not internal, yet these show up on my machine when I'm
> monitoring the network.  Any suggestions, ideas, or thoughts as to what the
> heck this is??

OSPF "Open Shortest Path First" is a routing protocol -- pretty much
harmless in itself.  It's not supported by default on FreeBSD,
although you can install gated or zebra from ports if you wish to use
it.

If the source is outside your LAN, then you need to review your
firewalls and border routers.  Multicast traffic shouldn't be allowed
to come into your network unless specifically required.  Usually,
that's not a problem as you have to run mrouted(8) or equivalent to
pass the multicast traffic through a router.  Note that mrouted(8) can
use IP-in-IP tunnelling to pull multicast traffic in from an arbitrary
external site, so a) mrouted doesn't have to run on the border router
itself and b) just filtering out the multicast netblock at the
firewall may not be enough.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.
26 The Paddocks, Savill Way
Marlow, Bucks., SL7 1TH UK
PGP: http://www.infracaninophile.co.uk/pgpkey
Tel: +44 1628 476614
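
The reply's point (b), that filtering the multicast netblock alone can miss tunnelled traffic, shown as an added example that is not part of the original message: a small IPv4 header classifier that labels native OSPF multicast and multicast carried inside IP-in-IP. The function names and sample packets are constructed for illustration; 89 (OSPF), 4 (IP-in-IP) and 224.0.0.5 (OSPF-ALL.MCAST.NET) are the IANA-assigned values.

```python
import ipaddress
import struct

MULTICAST = ipaddress.ip_network("224.0.0.0/4")
OSPF_ALL = ipaddress.ip_address("224.0.0.5")   # OSPF-ALL.MCAST.NET
PROTO_IPIP, PROTO_OSPF = 4, 89                 # IANA protocol numbers


def parse_ipv4(pkt):
    """Return (proto, src, dst, payload), or None if this is not a sane IPv4 header."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4                  # header length in bytes
    if ihl < 20 or len(pkt) < ihl:
        return None
    src = ipaddress.ip_address(bytes(pkt[12:16]))
    dst = ipaddress.ip_address(bytes(pkt[16:20]))
    return pkt[9], src, dst, pkt[ihl:]


def classify(pkt, depth=0):
    """Label a packet by where its multicast destination is visible (hypothetical labels)."""
    hdr = parse_ipv4(pkt)
    if hdr is None:
        return "unparsed"
    proto, _src, dst, payload = hdr
    if dst in MULTICAST:
        kind = "ospf" if proto == PROTO_OSPF and dst == OSPF_ALL else "multicast"
        return ("tunnelled-" if depth else "native-") + kind
    # The outer destination is unicast, so a rule matching only 224.0.0.0/4
    # never fires; the multicast address sits in the encapsulated header.
    if proto == PROTO_IPIP and depth < 2:
        inner = classify(payload, depth + 1)
        if inner.startswith("tunnelled-"):
            return inner
    return "unicast"


def make_ipv4(src, dst, proto, payload=b""):
    """Build a constructed sample packet (checksum left at 0 and not validated above)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 1, proto, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed) + payload


if __name__ == "__main__":
    # Constructed samples using documentation address ranges.
    inner = make_ipv4("198.51.100.7", "224.1.2.3", 17, b"x" * 8)
    print(classify(make_ipv4("192.0.2.1", "224.0.0.5", PROTO_OSPF, bytes(24))))
    print(classify(make_ipv4("198.51.100.7", "203.0.113.9", PROTO_IPIP, inner)))
```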