Firewall Blocking Traffic from 255.255.255.255?
Page 1 of 3 123 LastLast
Results 1 to 10 of 22

Thread: Firewall Blocking Traffic from 255.255.255.255?

  1. #1
    Junior Member
    Join Date
    Aug 2003
    Posts
    4

    Firewall Blocking Traffic from 255.255.255.255?

    Hi,

    I'm new here, and I don't really understand alot about firewall activity, so I was hoping someone might be able to help me with this. I keep getting bombarded with the following message:

    McAfee Firewall automatically blocked incoming traffic from IP address 255.255.255.255. You have configured McAfee Firewall to always block traffic to or from this address. The IP protocol type was 17 [UDP]. The remote address associated with the traffic was 10.40.224.1. The network adapter for the traffic was "Intel(R) PRO/100 VE Network Connection".

    I'm not sure how long my firewall has been blocking the attempts, but I just got cable two weeks ago, and I've been checking the activity logs alot more since then. I'm starting to get pretty worried, because today alone, there have been 422 entries like that in the last 8 1/2 hours. Also, I never configured my firewall to block traffic from that address, although the message says I did.

    Could somebody tell me what's happening, and if there's anything I can do to stop it? I'd really appreciate any info you can provide!

  2. #2
    Senior Member
    Join Date
    Aug 2003
    Posts
    205
    Protocol 17 is udp and I believe protocol 6 is TCP
    the dst address is 255.255.255.255 (broadcast)
    Now the only thing that you do not know is
    what application using UDP was hitting your PC..

    I would make an educated guess and say especially
    in windows environment that these packets are netbios UDP
    broadcast packets that windows every so often sends out..
    Depending on flavor of windows, it might just be a PC advertising
    its computer name,as what windows OS's do..

    To be on the safe side, install a protocol analyzer,,gosh there are so many
    out there,,,search the threads on popular ones/download sites..
    I would recommend Ethereal, however I do not want to start a holy war
    Im sure there are alot other ones just as good if not better,,lol
    http://www.ethereal.com/

    Cheers..

  3. #3
    Senior Member
    Join Date
    Feb 2003
    Location
    Memphis, TN
    Posts
    3,747
    Are you on a network, because what it sounds like is a broadcast like gunit was saying.

    I get thoughs some times on my network but its from my router, or another PC on my lan.
    =

  4. #4
    Senior Member
    Join Date
    Aug 2003
    Posts
    205
    Your right cheyenne, it might also be dhcp broadcast packets if router
    was set up as dhcp server..DHCP also uses UDP...

  5. #5
    Senior Member
    Join Date
    Feb 2003
    Location
    Memphis, TN
    Posts
    3,747
    Yeah thats what I was thinking because the IP he gave us 10.40.224.1 sounds like a private address assigned to netwoks.
    =

  6. #6
    Senior Member
    Join Date
    Aug 2003
    Posts
    205
    Also cheyenne

    If he was using cable modem. which is a bridge/same broadcast domain
    and the fact that w/cable modems you are on same broadcast domain as a whole bunch of other users in your neighborhood, it is also possible to see the netbios/UDP broadcasts,,,

    That's one flaw or disadvantage w/cable modems,,,,
    shared bandwidth as well as shared broadcast domain,....

    Dont get me wrong I luv mines...lol

  7. #7
    Junior Member
    Join Date
    Aug 2003
    Posts
    4
    Thanks for all the information gunit0072003 and cheyenne1212. I only wish I understood half of it. Iím embarrassed to say that this kind of technical stuff goes right over my head. I went to ethereal.com and didnít understand the introduction, so I figured I better not mess with it. Is there any way you can suggest what I should do in laymanís terms, for someone who has a hard time grasping all this? Thanks again!

    karin

  8. #8
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,884
    kja> don't worry about it. You don't need the packets so just let the firewall block them. Thats about as good as you can get in laymens terms
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman

  9. #9
    Member
    Join Date
    Aug 2003
    Posts
    49
    Lets just sum this thread up that firewall might be complicated for you since you said this technical stuff goes right over your head my advice is to take these simple newbie steps ........ Go to this link to get all of these free or trial softwares i use ......http://download.com.com/2001-20-0.html and type in the search bar for these following softwares 1.OUTPOSTl2.SPYBOT 3.regcleaner this is probably a tracking cookie from a dirty site you picked up on running as ROOT or aka adminastrator these softwares are justa couple of easy steps to keeping your box cleaner than it was
    Spread Firefox.

  10. #10
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    There is no need to block packets with a broadcast source or destination. They won't be routed over the internet anyway.

    Packets with a network broadcast destination should however be blocked at the router to prevent your network being used as a smurf amplifier.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides