dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
471
share rss forum feed


humhumhum

@99.241.228.x

[Internet] Something to be concerned about?

Hi all,

For over 16 hours, now, I've been getting these types of entries in my router log at a rate of one per minute:

Jul 24 09:39:57 kernel: DROP IN=eth0 OUT= MAC=[...] SRC=7.249.104.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=6319 OPT (94040000) PROTO=2

My router is hooked up to one of Rogers' 'Home Networking Modems', which is in bridge mode. Nothing was changed on my end and everything appeared to be normal (the usual Internet 'noise' being blocked) until this traffic started pouring in.

It appears to be multicast traffic? I'm guessing that 7.249.104.1, here, is Rogers (as opposed to US DoD......)?

My router appears to be doing its job, blocking the traffic... however, I'm feeling uneasy that this traffic is suddenly coming in for no apparent reason. Should I be worried about this?


LSTA

join:2010-11-25
North York, ON
Reviews:
·Rogers Hi-Speed

Rogers uses those DoD IPs for its internal use. Who knows why.

224.0.0.1 is a multicast IP address, so it's not addressed specifically for you: »en.wikipedia.org/wiki/Multicast_address

I wouldn't worry about it. Similar multicast is used all the time for Apple's Bonjour traffic. I'm sure there's also network monitoring traffic that would appear as strange if everyone closely monitored firewall logs.

If you're paranoid, pay more attention to inside-the-network traffic, since that's where an attacker or virus might be actively sending data back and forth that you care about. Outside the network should be mostly quiet pipes to Rogers' facilities.



RogersDoDip

@108.168.7.x

I think they use it so that as a private range internally, so there would be no traffic routing issues or conflicts with any possible customers using that range, unlike any other private range.