LnS 2.05 blocks "protocol:89"

Discussion in 'LnS English Forum' started by Thomas M, Jan 5, 2004.

Thread Status:
Not open for further replies.
  1. Thomas M

    Thomas M Registered Member

    Joined:
    Jan 12, 2003
    Posts:
    355
    Now here is something for the experts:

    After downloading/installing a recommended "ASIX AX88172 USB2 to Fast Ethernet Adapter" driver update (this is for my Notebook docking station) from the official MS-Update site, my LnS 2.05b shows continous logs with the following entries:

    Rule: IP: Block all other packets
    direction: Internet >> PC
    Type: IP
    source: gate.mydomain.com=134.xxx.xx.x
    destination: 224.0.0.5
    Protocol:89

    I am using advanced mode with DLL detection and protocol filtering on a Win2k-SP4 notebook.

    My 1. question: What is this protocol? I have never seen it before.
    My 2. question: How can I get rid of these log entries?

    Thanks for help,
    Thomas :)
     
  2. Thomas M

    Thomas M Registered Member

    Joined:
    Jan 12, 2003
    Posts:
    355
    For now I have created a simple rule on top of the "IP:block all other packets" to specifically block, but not log these kind of packets to 224.0.0.5 (OSPF-ALL.MCAST.NET=224.0.0.5).

    However, I would like to know what this local network traffic is... and why it came up just after downloading the latest driver for my docking station network card.
    The traffic direction is "internet -> PC", but the destination MAC address in my LnS-logs is different from the MAC address in the docking station...at least from what LnS tells me in the window called "network interfaces". So maybe this is just traffic passing to another computer in our LAN?

    Thomas :)
     
  3. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    :)

    Hey Thomas M

    Visit http://www.iana.org/assignments/protocol-numbers and do a Protocol Number search :)
     
  4. Thomas M

    Thomas M Registered Member

    Joined:
    Jan 12, 2003
    Posts:
    355
    PhantOm,

    Thanks for the link :)

    So the IP protocol #89 is officially called "OSPFIGP",
    whereas IP protocol #1 is called "ICMP"
    and IP protocol #6 is the good old "TCP" :cool:

    Hmm, what is "OSPFIGP" o_O
    According to one webpage "OSPF is classified as an Interior Gateway Protocol (IGP). This means that it distributes routing information between routers belonging to a single Autonomous System."

    From this definition I would say that my LnS logs some sort of internal traffic between my notebooks USB 2.0 port and the connected network card in my docking station, correct?

    If this is true, then someone else who uses a docking station or even uses a simple router should make the same observations in the logs of LnS...
    So is there anybody out there who can confirm my observations :rolleyes:

    Thanks,
    Thomas :)

    To be correct: My "docking station " is rather a USB 2.0 port replicator, which includes a monitor and a LAN cable connector.
     
  5. pr0t0c0l

    pr0t0c0l Guest

    Re: LnS 2.05 blocks "protocol:89"

    Could'nt help but notice. Yes protocol 89 is OSPF it 's used for OSPF routing updates, and hello's all updates are sent to 224.0.0.5 (multicast).
    looks like one of the routers on your network is running OSPF and your firewall is logging it's traffic, hence it came from your gateway.
    run ethereal on your system and watch the packets, you'll see routing updates and hellos where your routers are talking to one another.
     
  6. Thomas M

    Thomas M Registered Member

    Joined:
    Jan 12, 2003
    Posts:
    355
    Re: LnS 2.05 blocks "protocol:89"

    Thanks a lot for the info :)

    Thomas :)
     
Thread Status:
Not open for further replies.