August 24th, 2003 04:32 AM
Firewall Blocking Traffic from 255.255.255.255?
I'm new here, and I don't really understand alot about firewall activity, so I was hoping someone might be able to help me with this. I keep getting bombarded with the following message:
McAfee Firewall automatically blocked incoming traffic from IP address 255.255.255.255. You have configured McAfee Firewall to always block traffic to or from this address. The IP protocol type was 17 [UDP]. The remote address associated with the traffic was 10.40.224.1. The network adapter for the traffic was "Intel(R) PRO/100 VE Network Connection".
I'm not sure how long my firewall has been blocking the attempts, but I just got cable two weeks ago, and I've been checking the activity logs alot more since then. I'm starting to get pretty worried, because today alone, there have been 422 entries like that in the last 8 1/2 hours. Also, I never configured my firewall to block traffic from that address, although the message says I did.
Could somebody tell me what's happening, and if there's anything I can do to stop it? I'd really appreciate any info you can provide!
August 24th, 2003 04:58 AM
Protocol 17 is udp and I believe protocol 6 is TCP
the dst address is 255.255.255.255 (broadcast)
Now the only thing that you do not know is
what application using UDP was hitting your PC..
I would make an educated guess and say especially
in windows environment that these packets are netbios UDP
broadcast packets that windows every so often sends out..
Depending on flavor of windows, it might just be a PC advertising
its computer name,as what windows OS's do..
To be on the safe side, install a protocol analyzer,,gosh there are so many
out there,,,search the threads on popular ones/download sites..
I would recommend Ethereal, however I do not want to start a holy war
Im sure there are alot other ones just as good if not better,,lol
August 24th, 2003 05:09 AM
Are you on a network, because what it sounds like is a broadcast like gunit was saying.
I get thoughs some times on my network but its from my router, or another PC on my lan.
August 24th, 2003 05:11 AM
Your right cheyenne, it might also be dhcp broadcast packets if router
was set up as dhcp server..DHCP also uses UDP...
August 24th, 2003 05:16 AM
Yeah thats what I was thinking because the IP he gave us 10.40.224.1 sounds like a private address assigned to netwoks.
August 24th, 2003 05:20 AM
If he was using cable modem. which is a bridge/same broadcast domain
and the fact that w/cable modems you are on same broadcast domain as a whole bunch of other users in your neighborhood, it is also possible to see the netbios/UDP broadcasts,,,
That's one flaw or disadvantage w/cable modems,,,,
shared bandwidth as well as shared broadcast domain,....
Dont get me wrong I luv mines...lol
August 26th, 2003 11:15 PM
Thanks for all the information gunit0072003 and cheyenne1212. I only wish I understood half of it. Iím embarrassed to say that this kind of technical stuff goes right over my head. I went to ethereal.com and didnít understand the introduction, so I figured I better not mess with it. Is there any way you can suggest what I should do in laymanís terms, for someone who has a hard time grasping all this? Thanks again!
August 26th, 2003 11:36 PM
kja> don't worry about it. You don't need the packets so just let the firewall block them. Thats about as good as you can get in laymens terms
\"Ignorance is bliss....
but only for your enemy\"
August 26th, 2003 11:46 PM
Lets just sum this thread up that firewall might be complicated for you since you said this technical stuff goes right over your head my advice is to take these simple newbie steps ........ Go to this link to get all of these free or trial softwares i use ......http://download.com.com/2001-20-0.html and type in the search bar for these following softwares 1.OUTPOSTl2.SPYBOT 3.regcleaner this is probably a tracking cookie from a dirty site you picked up on running as ROOT or aka adminastrator these softwares are justa couple of easy steps to keeping your box cleaner than it was
August 27th, 2003 12:02 AM
There is no need to block packets with a broadcast source or destination. They won't be routed over the internet anyway.
Packets with a network broadcast destination should however be blocked at the router to prevent your network being used as a smurf amplifier.