[Internet] Something to be concerned about?
For over 16 hours, now, I've been getting these types of entries in my router log at a rate of one per minute:
Jul 24 09:39:57 kernel: DROP IN=eth0 OUT= MAC=[...] SRC=18.104.22.168 DST=22.214.171.124 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=6319 OPT (94040000) PROTO=2
My router is hooked up to one of Rogers' 'Home Networking Modems', which is in bridge mode. Nothing was changed on my end and everything appeared to be normal (the usual Internet 'noise' being blocked) until this traffic started pouring in.
It appears to be multicast traffic? I'm guessing that 126.96.36.199, here, is Rogers (as opposed to US DoD......)?
My router appears to be doing its job, blocking the traffic... however, I'm feeling uneasy that this traffic is suddenly coming in for no apparent reason. Should I be worried about this?
North York, ON
Rogers uses those DoD IPs for its internal use. Who knows why.
188.8.131.52 is a multicast IP address, so it's not addressed specifically for you: »en.wikipedia.org/wiki/Multicast_address
I wouldn't worry about it. Similar multicast is used all the time for Apple's Bonjour traffic. I'm sure there's also network monitoring traffic that would appear as strange if everyone closely monitored firewall logs.
If you're paranoid, pay more attention to inside-the-network traffic, since that's where an attacker or virus might be actively sending data back and forth that you care about. Outside the network should be mostly quiet pipes to Rogers' facilities.