Under Attack

Discussion in 'other firewalls' started by Searching_ _ _, Jan 10, 2009.

Thread Status:
Not open for further replies.
  1. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Apparently I am under attack by the Black hole at IANA.

    The protocol is UDP, sometimes using IGMP, source and destination addresses are 169.254.1.*, source ports 20k 30k and 60k, destination ports are 5000 and 20k

    This is everyday filling my logs.

    What is really happening?
     
  2. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    is it related to yahoo chats ?or did you change any configuration with your router if you happen to have one?
     
  3. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Don't use chats.
    Router configs- changed from WEP to WPA2 and other improved security enhancements like disable PnP.
     
  4. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    How about p2p?

    Unless you're being unbelievably bombarded with tens of thousands of hits, I'd not worry bout it. It'll go away in time, whatever it is....
     
  5. wat0114

    wat0114 Guest

    by the looks of it, someone is not able to obtain a valid ip address, thus the reason for the first two octets of 169.254. it may be someone elses wireless nic attempting to obtain the ip from your router. Just one of a few guesses. I'd say it's nothing to worry about.
     
  6. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,699
    Indeed. 169.254 is the zero-config IP, self-assigned by (usually) MS machines when they can't obtain IP by DHCP or otherwise. So you must have another machine on your segment that can't get a valid IP and uses this one and then sends discovery packets all over the place.
    Mrk
     
Thread Status:
Not open for further replies.