Strange netmask on PIX logs (712).

Have you ever seen this kind of log?

UDP request discarded from 147.122.200.41/1265 to outside:255.255.255.255/712 (!!)

Alex.

 

:Have you ever seen this kind of log?

:UDP request discarded from 147.122.200.41/1265 to outside:255.255.255.255/712 (!!)

Can't say I have -- I've never seen Topology Broadcast Based On
Reverse Path Forwarding (TBRPF) [port 712] packets before.

I've seen lots of similar messages for -other- UDP ports, especially
for the ones used by NETBIOS.

Generally speaking, these kinds of messages occur when a broadcast
UDP packet is detected on the lowest security interface, and the
protocol involved is not one that the PIX knows how to handle.

In your case, the broadcast is to 255.255.255.255. You can end up
with pretty much the same message for subnet broadcasts.

An example of a broadcast protocol that the PIX -does- know how to
handle is RIPv1.

You may also see similar messages that include the phrase "denied by ACL"
but which do not indicate -which- ACL is involved. Such messages also
involve cases where a broadcast packet is received by the PIX itself
rather than being received on behalf of an IP "through" the PIX.