Strange Traffic

Discussion in 'other firewalls' started by sir_carew, Apr 1, 2004.

Thread Status:
Not open for further replies.
  1. sir_carew

    sir_carew Registered Member

    Joined: Sep 2, 2003 | Posts: 884 | Location: Santiago, Chile

    Hello,
    I'm using Sygate Personal Firewall PRO 5.5.
    In the traffic log I've many entries about the same IP.
    The IP in question is: 10.100.143.254 and the protocol is: UDP, Direction: Incoming, Severity: 15.
    I've back traced the information and it's:

    OrgName: Internet Assigned Numbers Authority
    OrgID: IANA
    Address: 4676 Admiralty Way, Suite 330
    City: Marina del Rey
    StateProv: CA
    PostalCode: 90292-6695
    Country: US

    NetRange: 10.0.0.0 - 10.255.255.255
    CIDR: 10.0.0.0/8
    NetName: RESERVED-10
    NetHandle: NET-10-0-0-0-1
    Parent:
    NetType: IANA Special Use
    NameServer: BLACKHOLE-1.IANA.ORG
    NameServer: BLACKHOLE-2.IANA.ORG
    Comment: This block is reserved for special purposes.
    Comment: Please see RFC 1918 for additional information.
    Comment:
    RegDate:
    Updated: 2002-09-12

    OrgAbuseHandle: IANA-IP-ARIN
    OrgAbuseName: Internet Corporation for Assigned Names and Number
    OrgAbusePhone: +1-310-301-5820
    OrgAbuseEmail: abuse@iana.org

    OrgTechHandle: IANA-IP-ARIN
    OrgTechName: Internet Corporation for Assigned Names and Number
    OrgTechPhone: +1-310-301-5820
    OrgTechEmail: abuse@iana.org

    # ARIN WHOIS database, last updated 2004-03-31 19:15
    # Enter ? for additional hints on searching ARIN's WHOIS database.

    Does anybody have an idea about that?
    Thanks.
    PS: None of my applications has server rights.
     
  2. sir_carew

    sir_carew Registered Member

    Joined: Sep 2, 2003 | Posts: 884 | Location: Santiago, Chile

    The log.
     

  3. CrazyM

    CrazyM Firewall Expert

    Joined: Feb 9, 2002 | Posts: 2,428 | Location: BC, Canada

    Hi sir_carew

    Log entry (abbreviated):
    03/30/2004 18:14:51, Blocked Incoming UDP, 10.100.143.254 67, 255.255.255.255 68

    The source address (10.100.143.254) is in a range reserved for private networks:
    "'Private Use' IP addresses:
    10.0.0.0 - 10.255.255.255
    172.16.0.0 - 172.31.255.255
    192.168.0.0 - 192.168.255.255" - IANA

    The destination address (255.255.255.255) is a broadcast address.

    The source and destination ports 67/bootps and 68/bootpc are part of DHCP and obtaining a dynamic IP address from a DHCP server.

    Are you on a LAN? If not, are you on cable? Cable users will sometimes see these broadcasts blocked by their firewalls. Nothing to worry about.

    Regards,

    CrazyM
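
The reasoning in the reply above (UDP, source port 67, destination 255.255.255.255 port 68, source in a private-use range) can be applied to a whole log. This is an added example, not part of any post in the thread; the line layout is assumed from the abbreviated entry quoted above, and the function names and labels are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines; the first is the entry quoted in the thread.
SAMPLE_LOG = """\
03/30/2004 18:14:51, Blocked Incoming UDP, 10.100.143.254 67, 255.255.255.255 68
03/30/2004 18:15:02, Blocked Incoming UDP, 192.0.2.44 4021, 198.51.100.7 1434
03/30/2004 18:15:09, Blocked Incoming TCP, 10.100.143.254 67, 255.255.255.255 68
03/30/2004 18:16:40, Blocked Incoming UDP, 203.0.113.9 67, 255.255.255.255 68
not a log line
"""

# Assumed layout: "timestamp, action direction proto, src sport, dst dport".
LINE_RE = re.compile(
    r"^(?P<ts>[^,]+),\s*(?P<action>\w+)\s+(?P<direction>\w+)\s+(?P<proto>\w+),"
    r"\s*(?P<src>\S+)\s+(?P<sport>\d+),\s*(?P<dst>\S+)\s+(?P<dport>\d+)\s*$"
)
# The three private-use ranges listed in the reply, in CIDR form.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


def classify(line):
    """Return a triage label (hypothetical names) for one log line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return "unparsed"
    try:
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
    except ValueError:
        return "unparsed"
    # DHCP server -> client: UDP, source port 67 (bootps), dest port 68 (bootpc).
    server_broadcast = (m["proto"].upper() == "UDP"
                        and int(m["sport"]) == 67 and int(m["dport"]) == 68
                        and dst == LIMITED_BROADCAST)
    if not server_broadcast:
        return "other"
    if any(src in net for net in PRIVATE_NETS):
        return "dhcp-server-broadcast-private-src"
    return "dhcp-server-broadcast-public-src"


def summarize(log_text):
    """Count labels over every non-empty line of a log."""
    return Counter(classify(l) for l in log_text.splitlines() if l.strip())
```

Calling `summarize(SAMPLE_LOG)` returns per-label counts, which separates the repeated DHCP broadcasts from entries that need a closer look.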
     