Help needed - Log full of strange records

Discussion in 'Asuswrt-Merlin' started by dhajduch, Feb 22, 2020.

  1. dhajduch

    dhajduch Occasional Visitor

    Joined:
    May 9, 2009
    Messages:
    19
    Hi,

    I run the latest Merlin 384.15 firmware and my general log is full of messages like this:

    Feb 23 01:30:55 kernel: DROP IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:21:d8:ca:bb:c0:08:00 SRC=10.8.153.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=19827 PROTO=2
    Feb 23 01:31:05 kernel: DROP IN=eth0 OUT= MAC=b0:6e:bf:e2:26:80:00:21:d8:ca:bb:c0:08:00 SRC=1.54.5.81 DST=10.8.153.40 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=61325 PROTO=TCP SPT=21955 DPT=23 SEQ=3521540367 ACK=0 WINDOW=25509 RES=0x00 SYN URGP=0 OPT (02040582)
    Feb 23 01:31:16 kernel: DROP IN=eth0 OUT= MAC=b0:6e:bf:e2:26:80:00:21:d8:ca:bb:c0:08:00 SRC=62.219.247.242 DST=10.8.153.40 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=4851 PROTO=TCP SPT=18008 DPT=23 SEQ=3170384903 ACK=0 WINDOW=50931 RES=0x00 SYN URGP=0
    Feb 23 01:31:55 kernel: DROP IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:21:d8:ca:bb:c0:08:00 SRC=10.8.153.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=23381 PROTO=2
    Feb 23 01:32:37 kernel: DROP IN=eth0 OUT= MAC=b0:6e:bf:e2:26:80:00:21:d8:ca:bb:c0:08:00 SRC=114.25.19.125 DST=10.8.153.40 LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=7375 DF PROTO=TCP SPT=56497 DPT=445 SEQ=1135034104 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020405A00103030201010402)
    Feb 23 01:32:50 kernel: DROP IN=eth0 OUT= MAC=b0:6e:bf:e2:26:80:00:21:d8:ca:bb:c0:08:00 SRC=88.212.1.6 DST=10.8.153.40 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=63827 DF PROTO=TCP SPT=11804 DPT=23 SEQ=866950815 ACK=0 WINDOW=14600 RES=0x00 SYN URGP=0

    I have no idea where they come from or how to identify the root cause. Any idea how to fix it?
     
  2. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    11,714
    Location:
    UK
    My guess is that you've turned on the logging of dropped packets in the router's firewall settings.
     
  3. Val D.

    Val D. Very Senior Member

    Joined:
    Jun 16, 2019
    Messages:
    1,480
    Or the Skynet script. Wasn't it turning on dropped packets logging automatically?
     
  4. dhajduch

    dhajduch Occasional Visitor

    Joined:
    May 9, 2009
    Messages:
    19
    Thanks for the tips.

    I don't have Skynet installed. I checked the firewall logging settings and yes, I had dropped packets logging selected. But isn't it strange that I have so many dropped packets? And even stranger for me is the MAC address reported in the log:

    MAC=b0:6e:bf:e2:26:80:00:21:d8:ca:bb:c0:08:00

    I have never seen such a long MAC address???
     
  5. appleseed

    appleseed Regular Contributor

    Joined:
    Jun 26, 2010
    Messages:
    105
    Location:
    everywhere
  6. dhajduch

    dhajduch Occasional Visitor

    Joined:
    May 9, 2009
    Messages:
    19
    Hmmm, that is pretty strange, I can't find such a MAC address in the devices list. Could it be the MAC address of the WAN interface? Usually a MAC address has 6 bytes and not 14 bytes. Or am I missing something?
     
  7. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    11,714
    Location:
    UK
    That's normal traffic. The 14 bytes are the destination and source MAC addresses and the EtherType.

    So because your cable modem is bridged you can see some general multicast traffic from your ISP's local equipment as well as the usual port scanning attempts from Vietnam, Israel, Taiwan and Slovakia.
     
    Last edited: Feb 23, 2020
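Added example, not part of any post in this thread: a small Python parser for the firewall DROP lines quoted in the first post. It splits the 14-byte `MAC=` field into destination MAC, source MAC and EtherType as described in the last reply, and counts the drops per protocol and destination port. The function names (`parse_drop`, `is_multicast`, `summarise`) are made up for this illustration.

```python
import re
from collections import Counter

# Sample lines copied verbatim from the first post in this thread.
SAMPLE = """\
Feb 23 01:30:55 kernel: DROP IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:21:d8:ca:bb:c0:08:00 SRC=10.8.153.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=19827 PROTO=2
Feb 23 01:31:05 kernel: DROP IN=eth0 OUT= MAC=b0:6e:bf:e2:26:80:00:21:d8:ca:bb:c0:08:00 SRC=1.54.5.81 DST=10.8.153.40 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=61325 PROTO=TCP SPT=21955 DPT=23 SEQ=3521540367 ACK=0 WINDOW=25509 RES=0x00 SYN URGP=0 OPT (02040582)
Feb 23 01:31:16 kernel: DROP IN=eth0 OUT= MAC=b0:6e:bf:e2:26:80:00:21:d8:ca:bb:c0:08:00 SRC=62.219.247.242 DST=10.8.153.40 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=4851 PROTO=TCP SPT=18008 DPT=23 SEQ=3170384903 ACK=0 WINDOW=50931 RES=0x00 SYN URGP=0
Feb 23 01:32:37 kernel: DROP IN=eth0 OUT= MAC=b0:6e:bf:e2:26:80:00:21:d8:ca:bb:c0:08:00 SRC=114.25.19.125 DST=10.8.153.40 LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=7375 DF PROTO=TCP SPT=56497 DPT=445 SEQ=1135034104 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020405A00103030201010402)
"""

FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=VALUE pairs; the value may be empty (OUT=)

def parse_drop(line):
    """Return the KEY=VALUE fields of one DROP line, or None for other lines."""
    if " DROP " not in line:
        return None
    rec = dict(FIELD.findall(line))
    octets = rec.get("MAC", "").split(":")
    if len(octets) == 14:  # Ethernet header: 6 bytes dst + 6 bytes src + 2 bytes EtherType
        rec["DST_MAC"] = ":".join(octets[:6])
        rec["SRC_MAC"] = ":".join(octets[6:12])
        rec["ETHERTYPE"] = "0x" + "".join(octets[12:])
    return rec

def is_multicast(mac):
    """The group bit is the least significant bit of the first octet."""
    return bool(int(mac.split(":")[0], 16) & 1)

def summarise(text):
    """Count drops per (PROTO, DPT); multicast frames are keyed by destination IP."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_drop(line)
        if rec is None:
            continue
        if "DST_MAC" in rec and is_multicast(rec["DST_MAC"]):
            counts[("multicast", rec["DST"])] += 1
        else:
            counts[(rec["PROTO"], rec.get("DPT", "-"))] += 1
    return counts
```

Run over the sample, this separates the one multicast frame to 224.0.0.1 from the unsolicited TCP SYNs to ports 23 and 445, and shows that every line carries the same source MAC and EtherType 0x0800 (IPv4).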