Re: my isp is being told *i* am broadcasting spam?
On Sat, 20 Apr 2002 07:43:18 -0500
"will trillich" <will@serensoft.com> wrote:
> when i first set up ipCop (ipcop.org) i got about 18mb of
> logfile in one afternoon from the default firewall logging rules
> (via ipchains on potato):
>
> Apr 2 12:18:41 troll kernel: Packet log: input - eth1 PROTO=89
> 63.64.14.221:65535 224.0.0.5:65535 L=64 S=0x00 I=21723 F=0x0000 T=1 (#8)
Well, let's dissect a bit of that entry. The PROTO=89 means that the
packet you got was using OSPFIGP (Open Shortest Path First IGP). Next,
IIRC, the 63.64.14.221:65535 is the source portion of the packet. This
appears to be part of "sigecom.net". The 224.0.0.5:65535 (or destination)
is the part that I'm more interested in. This is part of "mcast.net". I
too have recently seen a lot of these messages. From what I understand,
unless you are using multicast, you can safely block these. I've added
rules to my firewalls to silently drop the entire multicast range for now
224.0.0.0/8. Since they are explicitly dropped, they never reach my
logging chain (I wouldn't suggest running a firewall without one).
> is all this activity from a goofy setup by my isp? is it
> something i'm doing? surely this much probing must mean
> something...
From the limited understanding I have of multicast, I believe this to be
normal operation. The idea as I understood it was that with Multicast one
transmission could be received by anyone interested, thus making
broadcasting much more possible.
--
Jamin W. Collins
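
The field-by-field reading of the quoted log entry, as an added example that is not part of the original message: a small parser for ipchains "Packet log" lines that names the IP protocol and flags multicast destinations. The function name, the protocol table subset and the second sample line are assumptions made for illustration.

```python
import ipaddress
import re

# ipchains "Packet log" layout: chain, target, interface, IP protocol number,
# source:port, destination:port, then L=length S=TOS I=IP-ID F=frag T=TTL (#rule).
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ipid>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)(?: \(#(?P<rule>\d+)\))?"
)

# Small subset of the IANA protocol numbers; anything else is reported by number.
PROTO_NAMES = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP", 89: "OSPFIGP"}

# 224.0.0.0/24 is the Local Network Control Block: routers never forward it.
LOCAL_CONTROL = ipaddress.ip_network("224.0.0.0/24")

def parse_packet_log(line):
    """Return a dict of decoded fields, or None if the line is not a packet log."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    f = m.groupdict()
    proto = int(f["proto"])
    dst = ipaddress.ip_address(f["dst"])
    return {
        "chain": f["chain"], "target": f["target"], "iface": f["iface"],
        "proto": proto, "proto_name": PROTO_NAMES.get(proto, str(proto)),
        "src": f["src"], "dst": f["dst"], "ttl": int(f["ttl"]),
        "rule": int(f["rule"]) if f["rule"] else None,
        "multicast": dst.is_multicast,      # true for all of 224.0.0.0/4
        "link_local": dst in LOCAL_CONTROL,  # sender is on the same segment
    }

SAMPLE = [
    # The entry quoted in the message, joined back onto one line.
    "Apr 2 12:18:41 troll kernel: Packet log: input - eth1 PROTO=89 "
    "63.64.14.221:65535 224.0.0.5:65535 L=64 S=0x00 I=21723 F=0x0000 T=1 (#8)",
    # Constructed unicast line for contrast (documentation addresses).
    "Apr 2 12:19:02 troll kernel: Packet log: input DENY eth1 PROTO=6 "
    "192.0.2.10:4021 198.51.100.7:23 L=60 S=0x00 I=4120 F=0x4000 T=52 (#9)",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(parse_packet_log(entry))
```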