RV016 System Strange Log Messages

Unanswered Question

I have RV016 running on 3.0.0.1-tm. I noticed this in my System Log



Dec 10 01:24:58 2009   Blocked   MAC 00-18-19-xx-xx-xx is in the allowed list, but has wrong IP.
Dec 10 01:25:01 2009   Blocked   MAC 00-1f-d0-xx-xx-xx is in the allowed list, but has wrong IP.
Dec 10 01:25:01 2009   Blocked   MAC 00-18-19-xx-xx-xx is in the allowed list, but has wrong IP.
Dec 10 01:25:35 2009   Blocked   MAC 00-21-e9-xx-xx-xx is in the allowed list, but has wrong IP.
Dec 10 01:25:35 2009   Blocked   MAC 00-18-19-xx-xx-xx is in the allowed list, but has wrong IP.



I checked phisically on both machines (00-18-19-xx-xx-xx and 00-1f-d0-xx-xx-xx) and their IP is correct according to DHCP. Why am I getting this messages?

One of the MAC abve is of my machine that typing this from and its IP is ok.


I do have "Block MAC adress on the list with wrong IP address" selected (only)


Another thing is that I have a tooooons of these. Why is that?



Dec 10 01:41:01 2009   Blocked - IP Spoofing   UDP x.x.x.101:1900->239.255.255.250:1900 on ixp1
Dec 10 01:41:02 2009   Blocked - IP Spoofing   UDP x.x.x.101:1900->239.255.255.250:1900 on ixp1
Dec 10 01:41:02 2009   Blocked - IP Spoofing   UDP x.x.x.101:1900->239.255.255.250:1900 on ixp1
Dec 10 01:41:05 2009   Blocked - IP Spoofing   UDP x.x.x.101:1900->239.255.255.250:1900 on ixp1
Dec 10 01:41:05 2009   Blocked - IP Spoofing   UDP x.x.x.101:1900->239.255.255.250:1900 on ixp1
Dec 10 01:41:08 2009   Blocked - IP Spoofing   UDP x.x.x.101:1900->239.255.255.250:1900 on ixp1
Dec 10 01:41:09 2009   Blocked - IP Spoofing   UDP x.x.x.101:55831->239.255.255.250:1900 on ixp1
Dec 10 01:41:09 2009   Blocked - IP Spoofing   UDP x.x.x.101:55831->239.255.255.250:1900 on ixp1
Dec 10 01:41:12 2009   Blocked - IP Spoofing   UDP x.x.x.101:55831->239.255.255.250:1900 on ixp1



x.x.x.101 is ip of my machine. Please look @ the frequency of these messages.

I think it is the same with latest firmware version 3.0.0.19) but I can't run it since this device becomes very sloow when multicast trafick is going trough it.

There is another post about this here by me describing this

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
rezstudios Tue, 01/04/2011 - 01:05
User Badges:


I'm running on an RV042, firmware 1.3.12.19-tm, and I'm getting the same errors stating "MAC XX-XX-XX-XX-XX-XX is in the allowed list, but has wrong IP." My logs get filled with these errors. I have confirmed that the correct MAC addresses are entered with the respective IP addresses, but the problem persists.


I also use static addresses on my LAN with the options selected for "Block MAC address on the list with wrong IP address" and "Block MAC address not on the list."

I read elsewhere on these forums to reduce the number of static entries to thirty or less, which I have done, but the problem remains.
gosonet45 Tue, 07/26/2011 - 09:36
User Badges:

We're having the same problem on a network here.  A workstation is having the exact same issue:

Jul 26 01:05:44 2011   Blocked - IP Spoofing   UDP X.X.X.X:1900->239.255.255.250:1900 on ixp1



Additionally we're seeing:

Jul 26 10:41:49 2011   Connection Refused - Policy violation   TCP 74.125.93.104:80->X.X.X.X:64675 on ixp1



Would really like some clarification and help resolving these issues as it turns out that the second one results in many websites not being able to be used by the workstation.  It's a Mac OS X workstation and is not suspect to any infections nor problems.

jasbryan Tue, 07/26/2011 - 13:17
User Badges:
  • Silver, 250 points or more

Hi,


Just reading the logs; the logs show that the router blocked a spoof ip address. It gives the source address and destination; basically ip spoofing is an IP packet with a forged source ip. So if the router sees different forged packets it will block this packet and log this information showing the source and destination. Also when a private address originates though WAN, this is also considered IP spoofing.


For indepth information on IP SPOOFING you can go to link below,


http://en.wikipedia.org/wiki/IP_address_spoofing


The second log shows the router refused a connection based on ACL’s inside the router. Show a tcp packet coming from Public address on port 80 with a destination of X.X.X.X port 64675 on xpi. In default ACL’s all traffic from wan to LAN is blocked unless otherwise specified

.Which table is being displayed (outgoing table or incoming table) some information might vary depending on which log table we are looking at.

Thanks,

Jasbryan

Cisco Support Engineer

.:|:.:|:.

Actions

This Discussion