packets to 169.254.196.189 blocked by firewall

Unanswered Question
Oct 7th, 2009
User Badges:

All,


I am seeing quite a few of the following denied message logs:

Deny udp src inside:10.1.2.166/137 dst outside:169.254.196.189/137 by access-group "inside_access_in"


169.254.196.189 is a well known address. Why would a machine be trying to send to that address?


T.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
ahassiotis1 Mon, 10/12/2009 - 01:31
User Badges:

Gentlemen,


It's obvious that this address is not routed.

If you are putting any comments please put technical details in.

The comment "it means you are being attacked" is wrong and not very usefull.


What I have discovered since posting this, is that since we have several domain controllers some of them over site to site VPNs and that since any of them can be used for authentication of a machine entering the network (and for DHCP), some machines on the local network will request authentication from the DC at the remote site (10.20.0.10). In this case the packet arrives at the firewall and is being dropped there.


Thanks

Actions

This Discussion