ACCESS BLOCK to 224.0.0.1 without source every 2 minutes and 5 seconds

bernhard
bernhard Posts: 1
edited April 14 in Security
2  2018-10-16 23:17:42  224.0.0.1  notice  secure-policy  ACCESS BLOCK  Match default rule, DROP
3  2018-10-16 23:19:47  224.0.0.1  notice  secure-policy  ACCESS BLOCK  Match default rule, DROP
4  2018-10-16 23:21:52  224.0.0.1  notice  secure-policy  ACCESS BLOCK  Match default rule, DROP
5  2018-10-16 23:23:58  224.0.0.1  notice  secure-policy  ACCESS BLOCK  Match default rule, DROP

For a few days now, we have been seeing the above log entries. We are not aware of any changes in setup or environment which might have caused this behavior.

What could be the cause of these entries?
Why is there no source in the log entry?

Device: ZyWALL 310
Firmware: V4.31(AAAB.0)

All Replies

  • Alfonso
    Alfonso Posts: 257  Master Member
    That traffic is multicast traffic.
    Some device on your network is generating it. Try to sniff the traffic to see the MAC address and identify the device.

     
  • Line2
    Line2 Posts: 40  Freshman Member
    You can also create an additional secure-policy rule for this destination, set to deny with no log, so this traffic cannot hit the default rule.
  • Hi bernhard,

    My Telekom "Speedport Smart W" DSL router produced the same entry in the log every 5 minutes.
    I got the following recommendation from Zyxel support:
    "The default rule is usually not logged, because otherwise you will be pasted with messages that have no relevance in terms of safety."
    ... easy
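
An added example, not part of the original thread: detection logic run over the log entries from the question that measures how regularly default-rule drops recur per multicast destination. The one-line log layout and the function names are assumptions; the 125-second comparison uses the default IGMP Query Interval from RFC 3376 as a hint for what to look for in a capture.

```python
import ipaddress
import re
from datetime import datetime
from statistics import median

# Entries from the question above, flattened to one line each.
SAMPLE_LOG = """\
2 2018-10-16 23:17:42 224.0.0.1 notice secure-policy ACCESS BLOCK Match default rule, DROP
3 2018-10-16 23:19:47 224.0.0.1 notice secure-policy ACCESS BLOCK Match default rule, DROP
4 2018-10-16 23:21:52 224.0.0.1 notice secure-policy ACCESS BLOCK Match default rule, DROP
5 2018-10-16 23:23:58 224.0.0.1 notice secure-policy ACCESS BLOCK Match default rule, DROP
"""

# Default IGMP Query Interval in seconds (RFC 3376, section 8.2). A match is a
# hint about which protocol to look for in a capture, not proof.
IGMP_QUERY_INTERVAL = 125

# Assumed layout: timestamp, optional source IP, destination IP, ... ACCESS BLOCK
IP = r"\d{1,3}(?:\.\d{1,3}){3}"
ENTRY = re.compile(r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
                   r"(?:" + IP + r"\s+)?(?P<dst>" + IP + r")\s.*ACCESS BLOCK")

def parse_blocks(text):
    """Return (timestamp, destination) for every ACCESS BLOCK entry."""
    out = []
    for line in text.splitlines():
        m = ENTRY.search(line)
        if m:
            out.append((datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                        ipaddress.ip_address(m["dst"])))
    return out

def periodic_multicast_drops(text, jitter=2):
    """Report drop timing per multicast destination seen at least 3 times."""
    by_dst = {}
    for ts, dst in parse_blocks(text):
        if dst.is_multicast:
            by_dst.setdefault(str(dst), []).append(ts)
    report = {}
    for dst, times in by_dst.items():
        if len(times) < 3:
            continue  # too few samples to call anything periodic
        times.sort()
        gaps = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
        mid = median(gaps)
        report[dst] = {"intervals": gaps, "median": mid,
                       "periodic": all(abs(g - mid) <= jitter for g in gaps),
                       "igmp_like": abs(mid - IGMP_QUERY_INTERVAL) <= jitter}
    return report
```

A periodic result with a steady interval points to a device sending on a timer rather than to user activity, which narrows what to look for when sniffing for the sender's MAC address.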