Firewall Log Help,wat it

Discussion in 'other firewalls' started by pradeepchandar, Jul 22, 2008.

Thread Status:
Not open for further replies.
  1. pradeepchandar

    pradeepchandar Registered Member

    Joined:
    Jul 22, 2008
    Posts:
    3
    I had a strange log in my firewall that, one IP is pulling out an udp connection from my server. When I check with the whois or some lookups it was an IP theat was registered for "IANA Special Use" I wanna check which IP was that, 227.2.3.7. I wanna know whether it was an ordinary update IP for any software update. How can I figure it out..
    I also wanna Know how and which of my application is making that connection and had to prevent it if suspicious. How can I Find it out.
     
  2. OSPA

    OSPA Registered Member

    Joined:
    Jul 22, 2008
    Posts:
    5
    Location:
    Barstow, CA
    Anything within the range of 224.0.0.0 - 239.255.255.255 is reserved for multicast use, and is most likely coming from your router or another host on your network. IANA reserved addresses should not appear on the internet (normally), and have restricted usage. Another example is the loopback addresses of 127.0.0.0 - 127.255.255.255.

    For technical background, take a look at RFC 1112 and RFC 2236.
     
    Last edited: Jul 22, 2008
Loading...
Thread Status:
Not open for further replies.