Re: Cisco EIGRP "Hello"

From: The Saint (gur_fnvag_at_crgvgzbegr.arg)
Date: 12/10/03


Date: 10 Dec 2003 11:52:26 -0600

NeoSadist wrote:

> I'm curious as to what I'm seeing in ethereal lately. I see a lot of EIGRP
> "Hello" packets from 172.28.9x.x, 10.x.x.x, etc. The packets are IP
> packets, always having destination as my multicast (224.0.0.10). There are
> no flags set, Protocol 0x58 (EIGRP), no flags and no sequence numbers. I'm
> seeing this on a machine that only has very specific tcp/udp rules per
> port, with IPTables default policy for all being DROP, and only about 15
> different ports allowed through (and the rules are STRICT). I'm not really
> worried, it's just annoying to see that many, and from what I consider
> "stranger 'puters".

You apparently have (Charter) cable broadband. I'm curious why you
would allow private addresses from the outside into your network. I'm
also curious why you're not using a Linux box as your border firewall/
router.

Also, if you're talking about the ruleset you posted earlier, you
didn't have a default policy set.

> Well anyways, I think they're somehow related to multicast, since they were
> flooding ethereal's logs with the router set to allow multicast to pass
> through, and now with it off, I'm not seeing all this anymore. However, I
> still want to know how to deny multicast to be sent to this machine using
> IPTables, and I'm finding it weird that IPTables just allows those through
> when it's not set to.

It would be easy if you had a Linux box as your border firewall/
router.
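
An added example, not part of the original post or thread: INPUT-chain rules covering the three points raised above (an explicit default policy, RFC 1918 sources arriving from outside, and multicast/EIGRP traffic). The interface name `eth0`, the helper name `emit_rules`, and the premise that this host has a public address and no use for inbound multicast are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Dry run by default: the iptables
# commands are printed. Set IPT=iptables and run as root to apply them.
IPT="${IPT:-echo iptables}"

emit_rules() {
    ext_if="${1:-eth0}"   # assumed name of the outside-facing interface

    # Explicit default policy: anything not accepted below is dropped.
    $IPT -P INPUT DROP

    # Keep loopback and replies to connections this host opened.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # EIGRP is IP protocol 88 (0x58), not a TCP/UDP port, so per-port
    # rules never match it; drop it by protocol number.
    $IPT -A INPUT -i "$ext_if" -p 88 -j DROP

    # All IPv4 multicast destinations, which includes 224.0.0.10.
    $IPT -A INPUT -i "$ext_if" -d 224.0.0.0/4 -j DROP

    # RFC 1918 private sources should not arrive on the outside interface.
    for net in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
        $IPT -A INPUT -i "$ext_if" -s "$net" -j DROP
    done

    # Per-port ACCEPT rules for permitted services would follow here.
}

emit_rules "$@"
```

Ethereal captures frames before the netfilter INPUT chain sees them, so packets dropped by these rules still appear in a capture. The packet counters from `iptables -L INPUT -v -n` show what the rules actually matched.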


