Strange network traffic??

Matthew Seaman m.seaman at infracaninophile.co.uk
Fri Apr 18 00:10:07 PDT 2003


On Thu, Apr 17, 2003 at 10:27:57PM -0400, Dragoncrest wrote:
> Hi all.  Just a few weeks back I started noticing this traffic 
> showing up on my LAN and I have no idea how to explain it.  Using trafshow 
> I get the from address as my router gateway for our connection coming in 
> from our provider, and destination as OSPF-ALL.MCAST.NET, the protocol is 
> OSPF, and it's only sending about 80 bytes of data every 30 seconds to a 
> minute or so.  It's obviously not internal network traffic as source and 
> destination are not internal, yet these show up on my machine when I'm 
> monitoring the network.  Any suggestions, ideas, or thoughts as to what the 
> heck this is??

OSPF "Open Shortest Path First" is a routing protocol -- pretty much
harmless in itself.  It's not supported by default on FreeBSD,
although you can install gated or zebra from ports if you wish to use
it.  

If the source is outside your LAN, then you need to review your
firewalls and border routers.  Multicast traffic shouldn't be allowed
to come into your network unless specifically required.  Usually,
that's not a problem as you have to run mrouted(8) or equivalent to
pass the multicast traffic through a router.  Note that mrouted(8) can
use IP-in-IP tunnelling to pull multicast traffic in from an arbitrary
external site, so a) mrouted doesn't have to run on the border router
itself and b) just filtering out the multicast netblock at the
firewall may not be enough.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
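
An added example, not part of the original message: a Python sketch of why a filter that only matches the outer destination against 224.0.0.0/4 catches the OSPF traffic described above but misses multicast carried inside IP-in-IP (IP protocol 4). All addresses and packets are constructed samples, and the function names are hypothetical.

```python
import ipaddress
import struct

PROTO_IPIP, PROTO_OSPF = 4, 89                        # IANA IP protocol numbers
OSPF_ALL_ROUTERS = ipaddress.ip_address("224.0.0.5")  # OSPF-ALL.MCAST.NET

def parse_ipv4(pkt):
    """Return (proto, dst, payload) for an IPv4 packet, or None if malformed."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4                         # header length in bytes
    if ihl < 20 or len(pkt) < ihl:
        return None
    return pkt[9], ipaddress.ip_address(pkt[16:20]), pkt[ihl:]

def outer_filter_blocks(pkt):
    """A filter that only checks the outer destination against 224.0.0.0/4."""
    hdr = parse_ipv4(pkt)
    return hdr is not None and hdr[1].is_multicast

def classify(pkt, depth=0):
    """Label a packet, looking inside IP-in-IP (protocol 4) encapsulation."""
    hdr = parse_ipv4(pkt)
    if hdr is None:
        return "malformed"
    proto, dst, payload = hdr
    if proto == PROTO_OSPF and dst == OSPF_ALL_ROUTERS:
        return "ospf-multicast"
    if dst.is_multicast:
        return "multicast"
    if proto == PROTO_IPIP and depth < 4:             # bound nesting depth
        inner = classify(payload, depth + 1)
        if inner not in ("unicast", "malformed"):
            return "tunnelled:" + inner
    return "unicast"

def build_ipv4(src, dst, proto, payload=b""):
    """Build a constructed sample packet (header checksum left as zero)."""
    head = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 1,
                       proto, 0, ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed)
    return head + payload

# Constructed samples using documentation address ranges.
OSPF_HELLO = build_ipv4("192.0.2.1", "224.0.0.5", PROTO_OSPF, bytes(44))
TUNNELLED = build_ipv4("203.0.113.9", "192.0.2.10", PROTO_IPIP,
                       build_ipv4("203.0.113.9", "224.1.2.3", 17, bytes(8)))
PLAIN = build_ipv4("192.0.2.10", "198.51.100.7", 6, bytes(20))

if __name__ == "__main__":
    for name, pkt in (("ospf", OSPF_HELLO), ("tunnel", TUNNELLED), ("plain", PLAIN)):
        print(name, classify(pkt), "outer filter blocks:", outer_filter_blocks(pkt))
```

The tunnelled sample has a unicast outer destination, so the outer-only check passes it even though the inner packet is addressed to a multicast group.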