packets to 169.254.196.189 blocked by firewall

ahassiotis1
Level 1

All,

I am seeing quite a few of the following denied message logs:

Deny udp src inside:10.1.2.166/137 dst outside:169.254.196.189/137 by access-group "inside_access_in"

169.254.196.189 is a well known address. Why would a machine be trying to send to that address?

T.


auraza
Cisco Employee

It's a private address range used by Windows machines:

http://www.webopedia.com/TERM/A/APIPA.html

jiaowenbin
Level 1

It means your network has been attacked!

Gentlemen,

It's obvious that this address is not routed.

If you are putting any comments please put technical details in.

The comment "it means you are being attacked" is wrong and not very useful.

What I have discovered since posting this, is that since we have several domain controllers some of them over site to site VPNs and that since any of them can be used for authentication of a machine entering the network (and for DHCP), some machines on the local network will request authentication from the DC at the remote site (10.20.0.10). In this case the packet arrives at the firewall and is being dropped there.

Thanks
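
A triage sketch for the deny messages discussed in this thread, added here as an example and not posted by any participant: it parses lines in the format quoted in the question, labels each destination as link-local (169.254.0.0/16), private or public, and counts denies per source host. The function names and every sample line except the first are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Matches the deny line format quoted in the question.
DENY_RE = re.compile(
    r'Deny (?P<proto>\w+) src (?P<sif>[\w-]+):(?P<sip>[\d.]+)/(?P<sport>\d+) '
    r'dst (?P<dif>[\w-]+):(?P<dip>[\d.]+)/(?P<dport>\d+) '
    r'by access-group "(?P<acl>[^"]+)"'
)

def classify(addr):
    """Label a destination as link-local (APIPA), private or public."""
    ip = ipaddress.ip_address(addr)
    # Check link-local first: Python also reports 169.254.0.0/16 as private.
    if ip.is_link_local:
        return "link-local"
    if ip.is_private:
        return "private"
    return "public"

def summarize(lines):
    """Count denied flows per (source IP, destination class, proto/dst port)."""
    counts = Counter()
    for line in lines:
        m = DENY_RE.search(line)
        if not m:
            continue  # not a deny line in the expected format
        key = (m["sip"], classify(m["dip"]), f'{m["proto"]}/{m["dport"]}')
        counts[key] += 1
    return counts

# Constructed sample input. Only the first line is taken from the thread.
SAMPLE = [
    'Deny udp src inside:10.1.2.166/137 dst outside:169.254.196.189/137 by access-group "inside_access_in"',
    'Deny udp src inside:10.1.2.166/137 dst outside:169.254.196.189/137 by access-group "inside_access_in"',
    'Deny tcp src inside:10.1.2.170/49812 dst outside:10.20.0.10/389 by access-group "inside_access_in"',
    'unrelated line that does not match the deny format',
]

if __name__ == "__main__":
    for (src, dst_class, service), n in summarize(SAMPLE).most_common():
        print(f"{n:4d}  {src:15s} -> {dst_class:10s} {service}")
```

Sources that repeatedly hit link-local destinations on udp/137 are candidates for a NetBIOS name cache or peer that holds an APIPA address, while denies toward private addresses point at missing ACL or VPN rules such as the remote domain controller case described above.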
