Hello,
I have a stupid cable modem from Spectrum (formerly Time Warner Cable). I have limited options for configuring the built-in firewall. I have, under the WAN-TO-LAN section, ICMP blocked for IPv4 and IPv6.
On my Linux box, I see a ton of these messages:
and a few of these:
I'm still in the process of learning about IPv6. I believe port 5353 UDP is for Bonjour. I'm running OpenSuSE (Tumbleweed) and thought I disabled the Bonjour service. I have no need for it.
For the SRC address, for the ICMPv6 packets, the fe80....doesn't that mean it's a link-local address and is non-routable? What exactly does that mean? Is it sort of like a local loopback (127.0.0.1)?
This is what ifconfig shows:
I'm not really sure what ff02:0000:0000:0000:0000:0000:0000:00fb is and why I'm seeing it through dmesg on my OpenSuSE Tumbleweed box. Any ideas? Notice I have an fe80 address, but it's not the same address that dmesg is showing.
Is my machine somehow pinging another machine out there or something? Any help would be greatly appreciated.
**EDIT: I think that MAC address, 33:33.... has something to do with multicast. It's been a while, but isn't multicast where I can send packets to unknown sources? Essentially, send a packet to everyone on the network? Not really sure why I'd be doing that or if my wife's cell phone, tablet, laptop or the customer's Mac is somehow sending them out. I'd like to track this down. It's a bit worrisome.
Thank you.
I have a stupid cable modem from Spectrum (formerly Time Warner Cable). I have limited options for configuring the built-in firewall. I have, under the WAN-TO-LAN section, ICMP blocked for IPv4 and IPv6.
On my Linux box, I see a ton of these messages:
Code:
[ 678.503434] SFW2-INext-DROP-DEFLT IN=enp5s0 OUT= MAC=33:33:00:00:00:fb:00:11:24:c5:31:4e:86:dd SRC=fe80:0000:0000:0000:0211:24ff:fec5:314e DST=ff02:0000:0000:0000:0000:0000:0000:00fb LEN=72 TC=0 HOPLIMIT=1 FLOWLBL=0 OPT ( ) PROTO=ICMPv6 TYPE=131 CODE=0
Code:
[ 1105.809174] SFW2-INext-DROP-DEFLT IN=enp5s0 OUT= MAC= SRC=fe80:0000:0000:0000:0224:1dff:fe80:1b73 DST=ff02:0000:0000:0000:0000:0000:0000:00fb LEN=88 TC=0 HOPLIMIT=1 FLOWLBL=646285 PROTO=UDP SPT=5353 DPT=5353 LEN=48
For the SRC address, for the ICMPv6 packets, the fe80....doesn't that mean it's a link-local address and is non-routable? What exactly does that mean? Is it sort of like a local loopback (127.0.0.1)?
This is what ifconfig shows:
Code:
enp5s0 Link encap:Ethernet HWaddr 00:24:1D:80:1B:73
inet addr:192.168.2.5 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: 2604:6000:d2c2:a400:9c58:6d75:755e:a4d7/64 Scope:Global
inet6 addr: 2604:6000:d2c2:a400::1/64 Scope:Global
inet6 addr: 2604:6000:d2c2:a400:224:1dff:fe80:1b73/64 Scope:Global
inet6 addr: fe80::224:1dff:fe80:1b73/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:30756 errors:0 dropped:2 overruns:0 frame:0
TX packets:23366 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:22579555 (21.5 Mb) TX bytes:3616189 (3.4 Mb)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Is my machine somehow pinging another machine out there or something? Any help would be greatly appreciated.
**EDIT: I think that MAC address, 33:33.... has something to do with multicast. It's been a while, but isn't multicast where I can send packets to unknown sources? Essentially, send a packet to everyone on the network? Not really sure why I'd be doing that or if my wife's cell phone, tablet, laptop or the customer's Mac is somehow sending them out. I'd like to track this down. It's a bit worrisome.
Thank you.
Comment