[Dshield] Reserved addresses showing up in logs?

John Hardin johnh at aproposretail.com
Fri May 17 21:58:31 GMT 2002


On Fri, 2002-05-17 at 12:29, Bob Savage wrote:

> In the logs we're seeing a lot of entries like this:
> 
> 2002-05-17	19:14:42	192.168.100.89	192.168.100.255	Udp
> 137	137	BLOCKED	209.224.2.128
> 2002-05-17	19:14:43	192.168.100.89	192.168.100.255	Udp
> 137	137	BLOCKED	209.224.2.128
> 2002-05-17	19:14:44	192.168.100.89	192.168.100.255	Udp
> 137	137	BLOCKED	209.224.2.128
> 2002-05-17	19:14:45	192.168.100.89	192.168.100.255	Udp
> 137	137	BLOCKED	209.224.2.128
> 2002-05-17	19:14:46	192.168.100.89	192.168.100.255	Udp
> 137	137	BLOCKED	209.224.2.128
> 2002-05-17	19:14:46	192.168.100.89	192.168.100.255	Udp
> 137	137	BLOCKED	209.224.2.128

Is this inbound on your external interface?

NetBIOS broadcasts from private networks are not surprising. Like I said
before, poorly configured Windows systems are endemic.

Even if your ISP is filtering private addresses on their boundary
routers, they may not be filtering on internal or client routers. That
could be stuff from a misconfigured host at another of the ISP's client.
If you have Cable connectivity, then this isn't surprising at all.

Private Network traffic on the Internet interface should be blocked and
ignored. If you see enough of it to impact your bandwidth noticably,
take it up with your ISP. They *should* be filtering it on their client
routers as well as on their boundary routers.

--
John Hardin                                   <johnh at aproposretail.com>
Internal Systems Administrator                    voice: (425) 672-1304
Apropos Retail Management Systems, Inc.             fax: (425) 672-0192
-----------------------------------------------------------------------
  In the Lion
  the Mighty Lion
  the Zebra sleeps tonight...
  Dee de-ee-ee-ee-ee de de de we um umma way!
-----------------------------------------------------------------------
 61 days until Apropos Forum 2002




More information about the list mailing list