
Help with Windows firewall log

Posted on 2008-11-03
Last Modified: 2013-11-16
Hi Experts:
I have this firewall log which I don't quite understand.
Could someone explain to me why there are so many dropped UDP connections from 0.0.0.0 to 255.255.255.255? My server IP address is 192.29.116.25
Also, why is this IP 192.29.116.22 trying to connect to 192.168.116.255?

Thanks


#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2008-11-03 00:00:11 DROP UDP 0.0.0.0 255.255.255.255 68 67 328 - - - - - - - RECEIVE
2008-11-03 00:00:15 DROP UDP 0.0.0.0 255.255.255.255 68 67 328 - - - - - - - RECEIVE
2008-11-03 00:00:18 DROP UDP 0.0.0.0 255.255.255.255 68 67 328 - - - - - - - RECEIVE
2008-11-03 00:00:48 DROP UDP 0.0.0.0 255.255.255.255 68 67 328 - - - - - - - RECEIVE
2008-11-03 00:00:50 DROP UDP 192.29.116.61 255.255.255.255 1045 427 84 - - - - - - - RECEIVE
2008-11-03 00:00:51 DROP UDP 0.0.0.0 255.255.255.255 68 67 328 - - - - - - - RECEIVE
2008-11-03 00:01:16 DROP UDP 0.0.0.0 255.255.255.255 68 67 328 - - - - - - - RECEIVE
2008-11-03 00:01:20 DROP UDP 0.0.0.0 255.255.255.255 68 67 328 - - - - - - - RECEIVE
2008-11-03 00:02:33 DROP UDP 192.29.116.22 192.29.116.255 520 520 52 - - - - - - - RECEIVE
2008-11-03 00:02:54 DROP UDP 0.0.0.0 255.255.255.255 68 67 328 - - - - - - - RECEIVE
2008-11-03 00:02:58 DROP UDP 0.0.0.0 255.255.255.255 68 67 328 - - - - - - - RECEIVE
2008-11-03 00:03:00 DROP UDP 0.0.0.0 255.255.255.255 68 67 328 - - - - - - - RECEIVE
2008-11-03 00:03:03 DROP UDP 192.29.116.22 192.29.116.255 520 520 52 - - - - - - - RECEIVE
Question by:changjia

Accepted Solution

by:
Tolomir earned 1800 total points
ID: 22871574
Well, actually your firewall is dropping DHCP requests

Requests are on UDP port 68, Server replies on UDP 67

When a computer boots up it has no IP so it uses 0.0.0.0 and asks everyone 255.255.255.255 for help.


--> harmless
---

http://www.tcpipguide.com/free/t_RIPGeneralOperationMessagingandTimers.htm

192.29.116.22 tries to send routing information to your subnet. You should check this, could be someone causing trouble...



Tolomir
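
A way to triage a log like the one in the question, as an added example that is not part of the original posts: it parses the Windows Firewall format by its #Fields header, labels dropped entries as DHCP client broadcasts or RIP updates using the ports discussed above, and lists RIP senders that still need checking. The sample log is constructed from the lines in the question, and `known_routers` is a hypothetical allow-list of routers you expect to speak RIP.

```python
from collections import Counter

# Constructed sample in the Windows Firewall log format shown in the question.
SAMPLE_LOG = """\
#Version: 1.5
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2008-11-03 00:00:11 DROP UDP 0.0.0.0 255.255.255.255 68 67 328 - - - - - - - RECEIVE
2008-11-03 00:00:50 DROP UDP 192.29.116.61 255.255.255.255 1045 427 84 - - - - - - - RECEIVE
2008-11-03 00:02:33 DROP UDP 192.29.116.22 192.29.116.255 520 520 52 - - - - - - - RECEIVE
2008-11-03 00:03:03 DROP UDP 192.29.116.22 192.29.116.255 520 520 52 - - - - - - - RECEIVE
"""

def parse(text):
    """Yield one dict per log entry, keyed by the names on the #Fields line."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
        elif line.strip() and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def classify(e):
    """Label an entry using the UDP ports discussed in the answer."""
    if e["protocol"] != "UDP":
        return "other"
    ports = (e["src-port"], e["dst-port"])
    if ports == ("68", "67") and e["src-ip"] == "0.0.0.0":
        return "dhcp-client-broadcast"
    if e["dst-port"] == "520":
        return "rip-update"
    return "other"

def review(text, known_routers=frozenset()):
    """Count dropped entries per label; list RIP senders not in known_routers."""
    counts, rip_sources = Counter(), set()
    for e in parse(text):
        if e["action"] != "DROP":
            continue
        label = classify(e)
        counts[label] += 1
        if label == "rip-update" and e["src-ip"] not in known_routers:
            rip_sources.add(e["src-ip"])
    return counts, sorted(rip_sources)

if __name__ == "__main__":
    counts, unexpected = review(SAMPLE_LOG)
    print(dict(counts), "RIP senders to verify:", unexpected)
```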

Assisted Solution

by:rsivanandan
rsivanandan earned 200 total points
ID: 22904406
Agree.

Cheers,
Rajesh