Re: [ILUG] Broadcast packets keeping pppd alive

From: Chris Higgins (chris.higgins at domain horizon.ie)
Date: Tue 15 May 2001 - 12:59:22 IST

• Next message: Dermot Gorman: "[ILUG] avi to mpg converter"
• Previous message: Niall O Broin: "Re: [ILUG] Sharing a server from two domains"
• Maybe in reply to: Dermot Buckley: "[ILUG] Broadcast packets keeping pppd alive"
• Next in thread: Wynne, Conor: "RE: [ILUG] Broadcast packets keeping pppd alive"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

> On Tue, May 15, 2001 at 12:00:10PM +0100, Ken Guest wrote:
>
> > > I did a little checking and it appears that broadcast packets from the isp
> > > are keeping the connection alive. The logs are full of these, one every
> > > 10secs:
> > >
> > > May 14 15:03:00 setanta kernel: Packet log: input - ppp0 PROTO=89
> > > 194.125.144.69:65535 224.0.0.5:65535 L=64 S=0xC0 I=52990 F=0x0000 T=1 (#29)
> > >

IP Proto 89 - NOT TCP/UDP PORT 89.....

Note the destination address 224.0.0.5 - This is a multicast address..

224.0.0.5 is OSPF ( http://www.faqs.org/rfcs/rfc1060.html )

So - ring em up, and ask them to disable OSPF routing announcements on
their external borders..

Actually - s/ask/tell/

As it stands they are leaving themselves open to possible DOS attacks..

> > > I gather these are to do with routing table updates, so I killed routed and
> > > restarted the connection but we're still getting the broadcasts.
> > >
> > > Does anyone have any idea what triggers these broadcasts? I'm at a dead end
> > > here so all help appreciated.
> > >
> >
> > IIRC it's SMB and Netbios packets as sent out from Windows PCs so you
> > may want to filter out against the appropriate ports.
>
>
> Why on earth would your ISP be SENDING Netbios (and protocol 89 (137
> decimal) is Netbios, not routing table updates) packets to you, I wonder ?
> If these packets are incoming from the ISP then filtering won't help,
> because they've been received by the ISDN transport layer (at which stage
> the timeout gets restarted) before they get near your filter. I think it's
> time to call your ISP and get to talk to somebody clueful (probably NOT the
> first person who answers the phone) and tell them to stop the hell sending
> you those packets.
>
> Mind you, it is very curious that everything was working fine before you had
> the reboot. One other thing to check - if you disconnect your gateway box
> from your internal LAN, and fire up the connection, does this still happen ?
> I'm wondering if perhaps there's something one of your internal 'doze boxes
> is doing which is causing these.
>
>
>
>
> Regards,
>
>
>
> Niall
>
> --
> Irish Linux Users' Group: ilug at domain linux.ie
> http://www.linux.ie/mailman/listinfo/ilug for (un)subscription information.
> List maintainer: listmaster at domain linux.ie

-- 
** Chris Higgins                         e: chris.higgins at horizon.ie **
** Technical Business Development        tel: +353-1-6204916            **
** Horizon Technology Group              fax: +353-1-6204949            **

• Next message: Dermot Gorman: "[ILUG] avi to mpg converter"
• Previous message: Niall O Broin: "Re: [ILUG] Sharing a server from two domains"
• Maybe in reply to: Dermot Buckley: "[ILUG] Broadcast packets keeping pppd alive"
• Next in thread: Wynne, Conor: "RE: [ILUG] Broadcast packets keeping pppd alive"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2.1.6 : Thu 06 Feb 2003 - 13:10:18 GMT