Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

packets to 169.254.196.189 blocked by firewall

All,

I am seeing quite a few of the following denied message logs:

Deny udp src inside:10.1.2.166/137 dst outside:169.254.196.189/137 by access-group "inside_access_in"

169.254.196.189 is a well known address. Why would a machine be trying to send to that address?

T.

3 REPLIES
Cisco Employee

Re: packets to 169.254.196.189 blocked by firewall

Its a private address range used by windows machines:

http://www.webopedia.com/TERM/A/APIPA.html

New Member

Re: packets to 169.254.196.189 blocked by firewall

it means your network has been attacked!

New Member

Re: packets to 169.254.196.189 blocked by firewall

Gentlemen,

It's obvious that this address is not routed.

If you are putting any comments please put technical details in.

The comment "it means you are being attacked" is wrong and not very usefull.

What I have discovered since posting this, is that since we have several domain controllers some of them over site to site VPNs and that since any of them can be used for authentication of a machine entering the network (and for DHCP), some machines on the local network will request authentication from the DC at the remote site (10.20.0.10). In this case the packet arrives at the firewall and is being dropped there.

Thanks

283
Views
0
Helpful
3
Replies
CreatePlease to create content