LINUX.IE, website of the Irish Linux Users' Group
Tux rules!

   
Home
New Users
Articles
Download
Projects
Community
Vendors

  Print Version
Email to...
 
Archives:


planetILUG

Recent News

News Archive


Join the
ILUG
on FaceBook


Join the
ILUG
on LinkedIn


Join the
ILUG SETI
Group



















 
 :: Mailing Lists

[ILUG] Broadcast packets keeping pppd alive

[ILUG] Broadcast packets keeping pppd alive

Chris Higgins chris.higgins at horizon.ie
Tue May 15 12:59:22 IST 2001 

> On Tue, May 15, 2001 at 12:00:10PM +0100, Ken Guest wrote:
> 
> > > I did a little checking and it appears that broadcast packets from the isp
> > > are keeping the connection alive.  The logs are full of these, one every
> > > 10secs:
> > > 
> > > May 14 15:03:00 setanta kernel: Packet log: input - ppp0 PROTO=89
> > > 194.125.144.69:65535 224.0.0.5:65535 L=64 S=0xC0 I=52990 F=0x0000 T=1 (#29)
> > > 

IP Proto 89 - NOT TCP/UDP PORT 89.....

Note the destination address 224.0.0.5 - This is a multicast address..

224.0.0.5 is OSPF ( http://www.faqs.org/rfcs/rfc1060.html )

So - ring em up, and ask them to disable OSPF routing announcements on
their external borders..

Actually - s/ask/tell/

As it stands they are leaving themselves open to possible DOS attacks..



> > > I gather these are to do with routing table updates, so I killed routed and
> > > restarted the connection but we're still getting the broadcasts.
> > > 
> > > Does anyone have any idea what triggers these broadcasts?  I'm at a dead end
> > > here so all help appreciated.
> > > 
> > 
> > IIRC it's SMB and Netbios packets as sent out from Windows PCs so you 
> > may want to filter out against the appropriate ports.
> 
> 
> Why on earth would your ISP be SENDING Netbios (and protocol 89 (137
> decimal) is Netbios, not routing table updates) packets to you, I wonder ?
> If these packets are incoming from the ISP then filtering won't help,
> because they've been received by the ISDN transport layer (at which stage
> the timeout gets restarted) before they get near your filter. I think it's
> time to call your ISP and get to talk to somebody clueful (probably NOT the
> first person who answers the phone) and tell them to stop the hell sending
> you those packets.
> 
> Mind you, it is very curious that everything was working fine before you had
> the reboot. One other thing to check - if you disconnect your gateway box
> from your internal LAN, and fire up the connection, does this still happen ?
> I'm wondering if perhaps there's something one of your internal 'doze boxes
> is doing which is causing these.
> 
> 
> 
> 
> Regards,
> 
> 
> 
> Niall
> 
> -- 
> Irish Linux Users' Group: ilug at linux.ie
> http://www.linux.ie/mailman/listinfo/ilug for (un)subscription information.
> List maintainer: listmaster at linux.ie

-- 
** Chris Higgins                         e: chris.higgins at horizon.ie **
** Technical Business Development        tel: +353-1-6204916            **
** Horizon Technology Group              fax: +353-1-6204949            **

More information about the ILUG mailing list
Read this without the formatting.
                                                                                                    

  

Hosted by HEAnet


 Maintained by the ILUG website team. The aim of Linux.ie is to support and help commercial and private users of Linux in Ireland. You can display ILUG news in your own webpages, read backend information to find out how. Networking services kindly provided by HEAnet, server kindly donated by Dell. Linux is a trademark of Linus Torvalds, used with permission. No penguins were harmed in the production or maintenance of this highly praised website. Looking for the Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
RSS Version
Powered by Dell