Weird logs in pf
Hey guys,
I recently had that in my pf logs:
Code:
Thanks and regards, K.
|
|||
The source/origin addresses:
Code:
$ whois 0.76.46.0
OrgName: Internet Assigned Numbers Authority
OrgID: IANA
Address: 4676 Admiralty Way, Suite 330
City: Marina del Rey
StateProv: CA
PostalCode: 90292-6695
Country: US
NetRange: 0.0.0.0 - 0.255.255.255
CIDR: 0.0.0.0/8
NetName: SPECIAL-IPV4-LOCAL-ID-IANA-RESERVED
NetHandle: NET-0-0-0-0-1
Parent:
NetType: IANA Special Use
Comment: This block is assigned for use as local
Comment: identification addresses. 0.0.0.0 refers to
Comment: "this" host on "this" network. 0.0.0.0
Comment: MUST NOT be sent, except as a source address
Comment: as part of an initialization procedure
Comment: by which the host learns its own IP address.
Comment: This block was assigned by the IETF in the
Comment: Standard document, RFC 1122, and is
Comment: further documented in the Best Current
Comment: Practice document RFC 5735. These documents
Comment: can be found at:
Comment: http://www.rfc-editor.org/rfc/rfc1122.txt
Comment: http://www.rfc-editor.org/rfc/rfc5735.txt
RegDate:
Updated: 2010-04-14
OrgAbuseHandle: IANA-IP-ARIN
OrgAbuseName: Internet Corporation for Assigned Names and Number
OrgAbusePhone: +1-310-301-5820
OrgAbuseEmail: abuse@iana.org
OrgTechHandle: IANA-IP-ARIN
OrgTechName: Internet Corporation for Assigned Names and Number
OrgTechPhone: +1-310-301-5820
OrgTechEmail: abuse@iana.org
# ARIN WHOIS database, last updated 2010-05-29 20:00
# Enter ? for additional hints on searching ARIN's WHOIS database.
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at https://www.arin.net/whois_tou.html
Code:
$ whois 214.26.128.9
OrgName: DoD Network Information Center
OrgID: DNIC
Address: 3990 E. Broad Street
City: Columbus
StateProv: OH
PostalCode: 43218
Country: US
NetRange: 214.0.0.0 - 214.255.255.255
CIDR: 214.0.0.0/8
NetName: DNIC-NET-214
NetHandle: NET-214-0-0-0-1
Parent:
NetType: Direct Allocation
Code:
$ whois 229.26.5.11
OrgName: Internet Assigned Numbers Authority
OrgID: IANA
Address: 4676 Admiralty Way, Suite 330
City: Marina del Rey
StateProv: CA
PostalCode: 90292-6695
Country: US
NetRange: 224.0.0.0 - 239.255.255.255
CIDR: 224.0.0.0/4
NetName: MCAST-NET
NetHandle: NET-224-0-0-0-1
Parent:
NetType: IANA Special Use
NameServer: FLAG.EP.NET
NameServer: STRUL.STUPI.SE
NameServer: NS.ISI.EDU
NameServer: NIC.NEAR.NET
Comment: This block is reserved for special purposes.
Comment: Please see RFC 3171 for additional information.
Comment:
RegDate: 1991-05-22
Updated: 2002-09-16
Quote:
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
|
|||
Hey,
Thanks for the reply. Call me an idiot, but I still don't seem to fully get it. I can see there are addresses different from multicasts, so I still don't know how they could be sent from inside my network. Besides, how is it possible that this IANA can send from inside my network anyway?!
Thanks and regards, K.
|
|||
Could it be mobile phones, who are trying to reach the internet?
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
|
|||
Not really, no.
I don't know if this helps, but my network looks like this:
internet---router---FreeBSD---switch----hosts
Hosts connected to the switch are my desktop and my two laptops. Hosts connected to the AP are 2 more laptops and my mobile phone (which has wifi normally switched off and I'm sure this problem appeared when I didn't even have it on the network yet).
|---access point---hosts
FreeBSD box is running:
- samba,
- vsftpd,
- sshd,
- dhcpd,
- nat+pf
That is pretty much it.
Thanks, K.
|
|||
You could look at the MAC addresses, which reveal the manufacturer of the network device
Code:
$ arp -an
? (10.0.0.138) at 00:90:d0:83:06:7a on xl0
? (192.168.222.10) at 00:08:c7:05:ca:0b on fxp0 static
? (192.168.222.20) at 00:19:db:47:b0:4c on fxp0
? (192.168.222.33) at 00:11:d8:f1:dd:99 on fxp0
? (192.168.222.250) at (incomplete) on fxp0
The first MAC from my ARP list is 00:90:d0:83:06:7a. Searching the oui.txt file for 00-90-D0
Code:
00-90-D0 (hex) Thomson Telecom Belgium
0090D0 (base 16) Thomson Telecom Belgium
Code:
00-11-D8 (hex) ASUSTek Computer Inc.
0011D8 (base 16) ASUSTek Computer Inc.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
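The manual lookup in the post above can be done for every ARP entry at once. The following is an added example, not part of the original post: it parses the `arp -an` output and the oui.txt lines quoted there; the function names `load_oui` and `vendors_from_arp` are made up for this illustration, and a real run would read the full oui.txt file.

```python
import re

# `arp -an` output and oui.txt entries as quoted in the post above.
ARP_OUTPUT = """\
? (10.0.0.138) at 00:90:d0:83:06:7a on xl0
? (192.168.222.10) at 00:08:c7:05:ca:0b on fxp0 static
? (192.168.222.20) at 00:19:db:47:b0:4c on fxp0
? (192.168.222.33) at 00:11:d8:f1:dd:99 on fxp0
? (192.168.222.250) at (incomplete) on fxp0
"""
OUI_TXT = """\
00-90-D0 (hex) Thomson Telecom Belgium
0090D0 (base 16) Thomson Telecom Belgium
00-11-D8 (hex) ASUSTek Computer Inc.
0011D8 (base 16) ASUSTek Computer Inc.
"""

ARP_LINE = re.compile(r"^\S+ \((?P<ip>[\d.]+)\) at (?P<mac>\S+) on (?P<ifname>\S+)")
OUI_LINE = re.compile(r"^((?:[0-9A-F]{2}-){2}[0-9A-F]{2})\s+\(hex\)\s+(.+)$", re.I)
MAC_RE = re.compile(r"^[0-9a-f]{1,2}(?::[0-9a-f]{1,2}){5}$", re.I)


def load_oui(text):
    """Map 'XX-XX-XX' prefixes to vendor names, using only the '(hex)' lines."""
    table = {}
    for line in text.splitlines():
        m = OUI_LINE.match(line.strip())
        if m:
            table[m.group(1).upper()] = m.group(2).strip()
    return table


def vendors_from_arp(arp_text, oui_table):
    """Return (ip, interface, mac, vendor) rows; mac/vendor are None if unknown."""
    rows = []
    for line in arp_text.splitlines():
        m = ARP_LINE.match(line.strip())
        if not m:
            continue
        mac, vendor = m.group("mac"), None
        if MAC_RE.match(mac):
            # Some arp implementations drop leading zeros (0:8:c7:...); pad them.
            octets = [o.zfill(2).upper() for o in mac.split(":")]
            mac = ":".join(octets)
            vendor = oui_table.get("-".join(octets[:3]))
        else:
            mac = None  # "(incomplete)": the host never answered the ARP request
        rows.append((m.group("ip"), m.group("ifname"), mac, vendor))
    return rows
```

An OUI match only names the adapter's registered manufacturer, and a host can set an arbitrary MAC, so treat the vendor as a hint when narrowing down which device produced the logged traffic.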
|
|||
Hi,
After a lot of tests I figured out what causes those weird logs. It's one of the laptops on my network running Skype v4.2. I also use an older version of Skype on a different machine and it doesn't seem to generate that crap, so there must be something about that newish software.
Thanks for help, K.