Firewall log flooding Block messages to 255.255.255.255:7423



  • Hello List,

    I am seeing the following fill up my firewall logs with a block action:

    Aug 30 09:33:58 	igb1 	192.168.0.1:47445		255.255.255.255:7423		UDP
    	Aug 30 09:34:01 	igb1 	192.168.0.1:47445		255.255.255.255:7423		UDP
    	Aug 30 09:34:04 	igb1 	192.168.0.1:47445		255.255.255.255:7423		UDP
    	Aug 30 09:34:07 	igb1 	192.168.0.1:47445		255.255.255.255:7423		UDP
    	Aug 30 09:34:10 	igb1 	192.168.0.1:47445		255.255.255.255:7423		UDP
    	Aug 30 09:34:13 	igb1 	192.168.0.1:47445		255.255.255.255:7423		UDP
    	Aug 30 09:34:16 	igb1 	192.168.0.1:47445		255.255.255.255:7423		UDP
    	Aug 30 09:34:19 	igb1 	192.168.0.1:47445		255.255.255.255:7423		UDP
    	Aug 30 09:34:22 	igb1 	192.168.0.1:47445		255.255.255.255:7423		UDP
    	Aug 30 09:34:25 	igb1 	192.168.0.1:47445		255.255.255.255:7423		UDP
    	Aug 30 09:34:28 	igb1 	192.168.0.1:47445		255.255.255.255:7423		UDP 
    

    I don't have 192.168.0.1 configured on any interface, or the LAN interface, and not sure what port 7423 is for. Is there any way I can stop this traffic? Or at least stop it from logging? And does anyone know what this traffic is?

    thanks,
    Ll



  • Do you have a Netgear WLAN router?
    > My Netgear R7000 seems to be broadcasting every second or so to UDP port 7423.
    and
    > … netgear WNDR4500 ... router sends every 3 seconds these UDP packets on my LAN:

    Create a firewall rule that blocks, rejects or passes (doesn't matter) traffic from 192.168.0.1 UDP to Port 7423 and uncheck "Log packets" at the bottom of that rule. That silences it in the logs. To get rid of it completely just don't buy Netgear stuff…



  • Yeah I looked at those links. I have created a floating rule for all interfaces as well as on LAN which is igb1 to pass the traffic. Log box is unchecked, however the logs are still being filled up with the block messages.



  • @landossa:

    Yeah I looked at those links. I have created a floating rule for all interfaces as well as on LAN which is igb1 to pass the traffic. Log box is unchecked, however the logs are still being filled up with the block messages.

    Are those rules showing any traffic activity? Do you have the ruls correctly ordered? (Floating is last-match while interface rules are first-match wins. Also, floating is parsed before interface rules, IIRC.)

    I think you can simply click on the logged activity and it will create a quick firewall rule matching the logged traffic.


  • Rebel Alliance Global Moderator

    So what did you set your lan IP to be on this router?  And it still sends out this nonsense from an IP that its not even using??  Just the default IP??

    What I got from the threads is don't have this problem with 3rd party firmware.  So vs just not logging the noise, why not stop it at the source - just put on say dd-wrt and no more noise, no more need not to block said noise which sounds like a win win to me..



  • I don't even use the 192.168.0.1/24 range and there is no configured IP address on my network with that.
    I do have a Wireless adapter plugged into the interior of the Netgate SG-4860 and I suspect this may be the cause.

    The Easy Rule Add throws this error:

    This is the Easy Rule status page, mainly used to display errors when adding rules. There apparently was not an error, and this page was navigated to directly without any instructions for what it should do.
    
    This page is meant to be called from the block/pass buttons on the Firewall Logs page, Status > System Logs, Firewall Tab.
    

  • Rebel Alliance Global Moderator

    So what did you set the AP too for its IP??  What would a wifi adapter on your firewall have to do with traffic coming from your network??  My point of that question is even points to worse buggy code of theirs if changed its lan IP and its still sending out with its default IP?

    Again if you don't want the noise use 3rd party firmware on the AP vs their native code.  Not logging it doesn't mean its not there..



  • UPDATE: igb1 appears to be the same network port which is used by the PPPoE ADSL interface. There is an ADSL modem attached to it. This traffic must be generated by the ADSL modem.

    However, igb1 still appears as a network port which I am able to enable and assign to an interface. I have assigned it to an interface and now I am able to stop the logging via a firewall pass rule.

    Weird.. Is this supposed to be like this?