> On Tue, May 15, 2001 at 12:00:10PM +0100, Ken Guest wrote:
>> > > I did a little checking and it appears that broadcast packets from the isp
> > > are keeping the connection alive. The logs are full of these, one every
> > > 10secs:
> > >
> > > May 14 15:03:00 setanta kernel: Packet log: input - ppp0 PROTO=89
> > > 18.104.22.168:65535 22.214.171.124:65535 L=64 S=0xC0 I=52990 F=0x0000 T=1 (#29)
> > >
IP Proto 89 - NOT TCP/UDP PORT 89.....
Note the destination address 126.96.36.199 - This is a multicast address..
188.8.131.52 is OSPF ( http://www.faqs.org/rfcs/rfc1060.html )
So - ring em up, and ask them to disable OSPF routing announcements on
their external borders..
Actually - s/ask/tell/
As it stands they are leaving themselves open to possible DOS attacks..
> > > I gather these are to do with routing table updates, so I killed routed and
> > > restarted the connection but we're still getting the broadcasts.
> > >
> > > Does anyone have any idea what triggers these broadcasts? I'm at a dead end
> > > here so all help appreciated.
> > >
> > IIRC it's SMB and Netbios packets as sent out from Windows PCs so you
> > may want to filter out against the appropriate ports.
>>> Why on earth would your ISP be SENDING Netbios (and protocol 89 (137
> decimal) is Netbios, not routing table updates) packets to you, I wonder ?
> If these packets are incoming from the ISP then filtering won't help,
> because they've been received by the ISDN transport layer (at which stage
> the timeout gets restarted) before they get near your filter. I think it's
> time to call your ISP and get to talk to somebody clueful (probably NOT the
> first person who answers the phone) and tell them to stop the hell sending
> you those packets.
>> Mind you, it is very curious that everything was working fine before you had
> the reboot. One other thing to check - if you disconnect your gateway box
> from your internal LAN, and fire up the connection, does this still happen ?
> I'm wondering if perhaps there's something one of your internal 'doze boxes
> is doing which is causing these.
> Irish Linux Users' Group: ilug at linux.ie>http://www.linux.ie/mailman/listinfo/ilug for (un)subscription information.
> List maintainer: listmaster at linux.ie
** Chris Higgins e: chris.higgins at horizon.ie **
** Technical Business Development tel: +353-1-6204916 **
** Horizon Technology Group fax: +353-1-6204949 **
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!