Anyone have ideas why I've been getting this blocked?



  • My default rule is to block anything that isn't requested, so I noticed recently that I am getting this in my firewall log…
      Feb 24 12:24:57 Bridge 169.254.255.1 224.0.0.5 TCP
      Feb 24 12:24:57 BRIDGE0 169.254.255.1 224.0.0.5 TCP
      Feb 24 12:24:57 Bridge 169.254.255.1 224.0.0.5 TCP
      Feb 24 12:24:47 Bridge 169.254.255.1 224.0.0.5 TCP
      Feb 24 12:24:47 BRIDGE0 169.254.255.1 224.0.0.5 TCP
      Feb 24 12:24:47 Bridge 169.254.255.1 224.0.0.5 TCP
      Feb 24 12:24:37 Bridge 169.254.255.1 224.0.0.5 TCP
      Feb 24 12:24:37 BRIDGE0 169.254.255.1 224.0.0.5 TCP
      Feb 24 12:24:37 Bridge 169.254.255.1 224.0.0.5 TCP
      Feb 24 12:24:27 Bridge 169.254.255.1 224.0.0.5 TCP
      Feb 24 12:24:27 BRIDGE0 169.254.255.1 224.0.0.5 TCP
      Feb 24 12:24:27 Bridge 169.254.255.1 224.0.0.5 TCP

    I checked both of the addresses and they trace to IANA; I'm not going to their site, but I do have dyndns running.  Does anyone know if that could be causing the address check?
    I was just thinking I just setup a box with freebsd 6.2; anyone know if it has a check feature.  I'm just wanting be sure.
    Thanks.

    Search results for: 169.254.255.1

    OrgName:    Internet Assigned Numbers Authority
    OrgID:      IANA
    Address:    4676 Admiralty Way, Suite 330
    City:       Marina del Rey
    StateProv:  CA
    PostalCode: 90292-6695
    Country:    US

    NetRange:   169.254.0.0 - 169.254.255.255
    CIDR:       169.254.0.0/16
    NetName:    LINKLOCAL
    NetHandle:  NET-169-254-0-0-1
    Parent:     NET-169-0-0-0-0
    NetType:    IANA Special Use
    NameServer: BLACKHOLE-1.IANA.ORG
    NameServer: BLACKHOLE-2.IANA.ORG
    Comment:    Please see RFC 3330 for additional information.
    RegDate:    1998-01-27
    Updated:    2002-10-14



  • Looks like some sort of broadcast traffic. If it's coming from the WAN there is not much that you can do about it besides asking your ISP to check their config. Carp produces similiar traffic btw to announce it's master status to all other members.



  • Well crap… okay, I guess I'm stuck with it.  I would assume they are a trusted site, but I'm not wanting to take any chances.

    Thanks for your insight.



  • @mentalhemroids:

    Well crap… okay, I guess I'm stuck with it.  I would assume they are a trusted site, but I'm not wanting to take any chances.

    Thanks for your insight.

    Well no, its not coming from a trusted site.

    Parent:    NET-169-0-0-0-0
    NetType:  IANA Special Use
    NameServer: BLACKHOLE-1.IANA.ORG
    NameServer: BLACKHOLE-2.IANA.ORG
    Comment:    Please see RFC 3330 for additional information.

    see http://www.faqs.org/rfcs/rfc3330.html

    169.254.0.0/16 - This is the "link local" block.  It is allocated for
      communication between hosts on a single link.  Hosts obtain these
      addresses by auto-configuration, such as when a DHCP server may not
      be found.

    When a PC requests a IP address using DHCP , and then does not get a response, it is supposed to be assigned a 169.254.x.x address.

    So the packets are coming from someone who needs a DHCP server, not IANA,


Log in to reply