Strange netmask on PIX logs (712).

Discussion in 'Cisco' started by AM, Feb 25, 2005.

  1. AM

    AM Guest

    Have you ever seen this kind of log?

    UDP request discarded from 147.122.200.41/1265 to outside:255.255.255.255/712 (!!)

    Alex.
     
    AM, Feb 25, 2005
    #1
    1. Advertisements

  2. :Have you ever seen this kind of log?

    :UDP request discarded from 147.122.200.41/1265 to outside:255.255.255.255/712 (!!)

    Can't say I have -- I've never seen Topology Broadcast Based On
    Reverse Path Forwarding (TBRPF) [port 712] packets before.

    I've seen lots of similar messages for -other- UDP ports, especially
    for the ones used by NETBIOS.

    Generally speaking, these kinds of messages occur when a broadcast
    UDP packet is detected on the lowest security interface, and the
    protocol involved is not one that the PIX knows how to handle.

    In your case, the broadcast is to 255.255.255.255. You can end up
    with pretty much the same message for subnet broadcasts.

    An example of a broadcast protocol that the PIX -does- know how to
    handle is RIPv1.

    You may also see similar messages that include the phrase "denied by ACL"
    but which do not indicate -which- ACL is involved. Such messages also
    involve cases where a broadcast packet is received by the PIX itself
    rather than being received on behalf of an IP "through" the PIX.
     
    Walter Roberson, Feb 25, 2005
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.