blocked packets destined to

Unanswered Question
Oct 7th, 2009
User Badges:


I am seeing quite a few of the following denied message logs:

Deny udp src inside: dst outside: by access-group "inside_access_in" is a well known address. Why would a machine be trying to send to that address?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
uzair syed naveed Wed, 10/07/2009 - 04:21
User Badges:


You may want to try to do a packet capture from the paticular source ip to the destination THis way you will see what kind of traffic is being sent / received. once you know this you can analyze

ahassiotis1 Wed, 10/07/2009 - 05:00
User Badges:

My problem is not that the flow is blocked. The problem is that is a non-routed IP that is given by windows when a system doesn't have an IP address configured (or cannot get a DHCP address). So, why is host trying to send traffic to that IP?

Collin Clark Wed, 10/07/2009 - 06:30
User Badges:
  • Purple, 4500 points or more

Occasionally a device gets the 169 address (usually failed DHCP), but once it gets a valid IP it registers to DNS with the 169 address. Check your DNS table and make sure there are no 169 addresses. In this case queries DNS to lookup the IP for SERVER1. DNS reports back 169 and it then goes out the default gateway and you see the drops. It's a long shot, but it does happen!


This Discussion