Firewall Log shows unfamiliar internal IP
-
I was reviewing my firewall log activity and the firewall blocks many attempts internally and the source IP is something unfamiliar (appears to be an IPV6 type) not within my network and it is trying to go to a destination like ff02::3 port 5355 many times. I understand this destination is something usually for multicast.
Is there something on one of my connected devices internally that is trying to do this and maybe spoofing its source IP ?
Thanks in advance for any help.
-
Use Packet Capture to see what the MAC address is. You can then compare that to your hardware. You can also check your DHCP Leases to see if there's an IPv4 address assigned.
-
I checked the leases and nothing for the IPv4 address assigned. Is there something I need to install for packet capture ? Thanks.
-
Diagnostics - Packet Capture
-
Got it. I did the packet capture and the MAC is a phone that should be on the network. Odd that it would use an IV6 as its source if I don't use that. And some app with the multi cast must be constantly pinging.
-
@Overbay11 said in Firewall Log shows unfamiliar internal IP:
Odd that it would use an IV6 as its source if I don't use that.
Does it use a link local address (starts with fe80)? Every IPv6 capable device has one of those.
-
@JKnott Correct, it starts with fe80.
