Quoting Anuradha Weeraman <aweeraman@gmail.com>:
On 9/15/06, Graham Smith <graham@crazysquirrel.com> wrote:Sep 15 10:54:39 compost kernel: Output: IN= OUT=eth1 SRC=192.168.0.1 DST=224.0.0.251 LEN=74 TOS=0x00 PREC=0x00 TTL=255 ID=1 DF PROTO=UDP SPT=56190 DPT=5353 LEN=54UDP port 5353 is being used by mDNSResponder. Also, these appear to be multicast packets and are probably generated by iTunes users on the local network.
Nice try but these connection attempts are originating on the server (the internal interface is 192.168.0.1) and no one on the network is using iTunes (in fact at the moment no one is using anything).
My guess was some sort of DNS judging by the destination port number. I run Bind and I was wondering if that might be the cause. I've just grepped through the whole of etc looking for 5353 and come up empty. I've also tried netstat -l to no avail.
What concerns me is the IP address that it is trying to contact isn't one I would ever use and IIRC isn't in a non-routable block.
Thanks, Graham ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.