Re: Invalid destination address on my firewall logs
comp.security.firewalls archive

From: Moe Trin <ibuprofin@painkiller.example.tld>
Date: Sat Oct 29 2005 - 17:49:34 CEST

In the Usenet newsgroup comp.security.firewalls, in article
<1130586337.956246.174720@f14g2000cwb.googlegroups.com>,
kierankelly@backpacker.com wrote:

>My LAN IP addresses are on the 192.168.254.--- range. I'm blocking
>ports 6346 - 6348 (gnutella et al.) in the firewall rules.

That's the good news.

>My access points keep crashing and the logs from DG832GT are indicating
>a lot of traffic being blocked with an address of 1.0.0.0

Obviously, there is a configuration problem with your access point,
and perhaps with the firewall as well.

>Here is a sample from the logs:
> Fri, 2005-10-28 23:09:14 - UDP Packet - Source:64.233.240.146,6346
>Destination:1.0.0.0,6346 - [gnutella match]

>NNTP-Posting-Host: 212.158.201.80

OK - you are posting from a DSL link in the UK. 64.233.240.146 is
some host apparently in Troy, Michigan, USA (about 25 KM North of
Detroit, or 400 KM East of Chicago). Now, if that packet actually
originated in the USA, any of the backbone routers between the
source and Europe would have dropped it as unroutable. As you
note, 1.0.0.0 doesn't exist, so you can't get there from here.

My guess is that your router is misconfigured and is port-forwarding
this packet under the impression that 1.0.0.0 is another local
address (you have a typo in one configuration).

        Old guy
Received on Mon Nov 21 02:35:11 2005
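
To act on the diagnosis in the reply above, the following added example (not part of the original post) scans router log entries in the format quoted in the thread and counts inbound packets whose destination is neither a LAN host nor the router's WAN address, which is what a mistyped port-forward target looks like in the logs. The /24 LAN mask, the function names and all sample entries except the first are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the "192.168.254.---" range in the post is a /24.
LAN = ipaddress.ip_network("192.168.254.0/24")

# Field layout taken from the log sample quoted in the post.
ENTRY = re.compile(
    r"(?P<proto>\w+) Packet - Source:(?P<src>[\d.]+),(?P<sport>\d+) "
    r"Destination:(?P<dst>[\d.]+),(?P<dport>\d+) - \[(?P<rule>[^\]]+)\]"
)

def parse_entry(text):
    """Parse one log entry; return None if it is malformed."""
    m = ENTRY.search(" ".join(text.split()))  # undo line wrapping
    if m is None:
        return None
    try:
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
    except ValueError:  # e.g. an octet above 255
        return None
    return {"proto": m["proto"], "src": src, "dst": dst,
            "dport": int(m["dport"]), "rule": m["rule"]}

def stray_destinations(entries, lan=LAN, wan=None):
    """Count inbound packets whose destination is neither a LAN host nor
    the router's WAN address (pass wan as a string if it is known)."""
    wan_ip = ipaddress.ip_address(wan) if wan else None
    hits = Counter()
    for text in entries:
        e = parse_entry(text)
        if e is None or e["src"] in lan:  # skip junk and outbound traffic
            continue
        if e["dst"] in lan or e["dst"] == wan_ip:
            continue
        hits[(str(e["dst"]), e["dport"])] += 1
    return hits

# First entry is the one quoted in the post; the rest are constructed.
SAMPLE = [
    "Fri, 2005-10-28 23:09:14 - UDP Packet - Source:64.233.240.146,6346\n"
    "Destination:1.0.0.0,6346 - [gnutella match]",
    "UDP Packet - Source:198.51.100.7,6346 Destination:1.0.0.0,6346 - [gnutella match]",
    "UDP Packet - Source:198.51.100.7,6346 Destination:192.168.254.10,6346 - [gnutella match]",
    "UDP Packet - Source:192.168.254.10,6346 Destination:203.0.113.9,6346 - [gnutella match]",
    "Fri, 2005-10-28 23:09:18 - garbled entry",
]
```

Calling `stray_destinations(SAMPLE)` returns a counter keyed by (destination, port); the port in each key points at the forwarding rule whose target address should be checked for a typo.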