ACCESS BLOCK to 224.0.0.1 without source every 2 minutes and 5 seconds

bernhard
edited April 2021 in Security
2    2018-10-16 23:17:42                        224.0.0.1    notice    secure-policy    ACCESS BLOCK    Match default rule, DROP
3    2018-10-16 23:19:47                        224.0.0.1    notice    secure-policy    ACCESS BLOCK    Match default rule, DROP
4    2018-10-16 23:21:52                        224.0.0.1    notice    secure-policy    ACCESS BLOCK    Match default rule, DROP
5    2018-10-16 23:23:58                        224.0.0.1    notice    secure-policy    ACCESS BLOCK    Match default rule, DROP

For a few days now, we have been seeing the above log entries. We are not aware of any changes in setup or environment that might have caused this behavior.

What could be the cause of these entries?
Why is there no source in the log entry?

Device: ZyWALL 310
Firmware: V4.31(AAAB.0)

All Replies

  • Alfonso
    That traffic is multicast traffic.
    Some device on your network is generating it. Try to sniff to see the MAC address and conclude it.

     
  • Line2
    You can also create an additional secure-policy rule for this destination that denies the traffic without logging, so this traffic cannot hit the default rule.
  • inl1ner
    Hi bernhard,

    My Telekom "Speedport Smart W" DSL router produced the same entry in the log every 5 minutes.
    I got the following recommendation from Zyxel support:
    "The default rule is usually not logged, because otherwise you will be pasted with messages that have no relevance in terms of safety."
    ... easy
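
Alfonso's suggestion above, to sniff the traffic and read off the sender's MAC address, comes down to decoding captured Ethernet frames addressed to 224.0.0.1. The following is an added example and not part of the original thread; `inspect_frame` is a hypothetical helper name, and the sample frame with its MAC and IP addresses is constructed for illustration.

```python
import socket
import struct

ALL_HOSTS = "224.0.0.1"
IGMP_TYPES = {0x11: "membership query", 0x12: "v1 report", 0x16: "v2 report",
              0x17: "leave group", 0x22: "v3 report"}

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def inspect_frame(frame):
    """Return sender details for an IPv4 frame addressed to 224.0.0.1, else None."""
    if len(frame) < 14:
        return None
    src_mac = mac(frame[6:12])
    ethertype, off = struct.unpack("!H", frame[12:14])[0], 14
    if ethertype == 0x8100 and len(frame) >= 18:      # skip one 802.1Q VLAN tag
        ethertype, off = struct.unpack("!H", frame[16:18])[0], 18
    if ethertype != 0x0800 or len(frame) < off + 20:  # IPv4 only
        return None
    ihl = (frame[off] & 0x0F) * 4                     # header length incl. options
    if frame[off] >> 4 != 4 or ihl < 20 or len(frame) < off + ihl:
        return None
    proto = frame[off + 9]
    src_ip = socket.inet_ntoa(frame[off + 12:off + 16])
    dst_ip = socket.inet_ntoa(frame[off + 16:off + 20])
    if dst_ip != ALL_HOSTS:
        return None
    info = {"src_mac": src_mac, "src_ip": src_ip, "ip_proto": proto, "igmp": None}
    if proto == 2 and len(frame) > off + ihl:         # IP protocol 2 is IGMP
        t = frame[off + ihl]
        info["igmp"] = IGMP_TYPES.get(t, f"type 0x{t:02x}")
    return info

# Constructed sample: IGMP membership query to 224.0.0.1 with the IP Router
# Alert option (IHL = 6). The IP header checksum is left zero and not verified.
SAMPLE = bytes.fromhex(
    "01005e000001" "020000aabbcc" "0800"              # dst MAC, src MAC, IPv4
    "46c00020000040000102" "0000" "c0a80101" "e0000001" "94040000"
    "1164" "ee9b" "00000000")                         # IGMP type 0x11

if __name__ == "__main__":
    print(inspect_frame(SAMPLE))
```

The same function can be fed frames read from a packet capture taken on the affected LAN segment; the reported source MAC identifies the device to look for.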



