
Help needed - Log full of strange records


dhajduch

Occasional Visitor
Hi,

I run the latest Merlin 384.15 firmware and my general log is full of messages like this:

Feb 23 01:30:55 kernel: DROP IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:21:d8:ca:bb:c0:08:00 SRC=10.8.153.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=19827 PROTO=2
Feb 23 01:31:05 kernel: DROP IN=eth0 OUT= MAC=b0:6e:bf:e2:26:80:00:21:d8:ca:bb:c0:08:00 SRC=1.54.5.81 DST=10.8.153.40 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=61325 PROTO=TCP SPT=21955 DPT=23 SEQ=3521540367 ACK=0 WINDOW=25509 RES=0x00 SYN URGP=0 OPT (02040582)
Feb 23 01:31:16 kernel: DROP IN=eth0 OUT= MAC=b0:6e:bf:e2:26:80:00:21:d8:ca:bb:c0:08:00 SRC=62.219.247.242 DST=10.8.153.40 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=4851 PROTO=TCP SPT=18008 DPT=23 SEQ=3170384903 ACK=0 WINDOW=50931 RES=0x00 SYN URGP=0
Feb 23 01:31:55 kernel: DROP IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:21:d8:ca:bb:c0:08:00 SRC=10.8.153.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=23381 PROTO=2
Feb 23 01:32:37 kernel: DROP IN=eth0 OUT= MAC=b0:6e:bf:e2:26:80:00:21:d8:ca:bb:c0:08:00 SRC=114.25.19.125 DST=10.8.153.40 LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=7375 DF PROTO=TCP SPT=56497 DPT=445 SEQ=1135034104 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020405A00103030201010402)
Feb 23 01:32:50 kernel: DROP IN=eth0 OUT= MAC=b0:6e:bf:e2:26:80:00:21:d8:ca:bb:c0:08:00 SRC=88.212.1.6 DST=10.8.153.40 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=63827 DF PROTO=TCP SPT=11804 DPT=23 SEQ=866950815 ACK=0 WINDOW=14600 RES=0x00 SYN URGP=0

I have no idea where they come from, or how to identify the root cause. Any idea how to fix it?
 
Or the Skynet script. Wasn't it turning on dropped packets logging automatically?
 
Thanks for the tips.

I don't have Skynet installed. I checked the firewall logging settings and yes, I had dropped packets logging selected. But isn't it strange that I have so many dropped packets? And even stranger to me is the MAC address reported in the log:

MAC=b0:6e:bf:e2:26:80:00:21:d8:ca:bb:c0:08:00

I have never seen such a long MAC address???
 
Hmmm, that is pretty strange, I can't find such a MAC address in the devices list. Could it be the MAC address of the WAN interface? Usually a MAC address has 6 bytes and not 14 bytes. Or am I missing something?
 
That's normal traffic. The 14 bytes are the destination and source MAC addresses and the EtherType.

So because your cable modem is bridged, you can see some general multicast traffic from your ISP's local equipment as well as the usual port scanning attempts from Vietnam, Israel, Taiwan and Slovakia.
 