ACCESS BLOCK to 224.0.0.1 without source every 2 minutes and 5 seconds
2 2018-10-16 23:17:42 224.0.0.1 notice secure-policy ACCESS BLOCK Match default rule, DROP
3 2018-10-16 23:19:47 224.0.0.1 notice secure-policy ACCESS BLOCK Match default rule, DROP
4 2018-10-16 23:21:52 224.0.0.1 notice secure-policy ACCESS BLOCK Match default rule, DROP
5 2018-10-16 23:23:58 224.0.0.1 notice secure-policy ACCESS BLOCK Match default rule, DROP
For a few days now, we see the above log entries. We are not
aware of any changes in setup or environment which might have caused
this behavior.
What could be the cause of these entries?
Why is there no source in the log entry?
Device: ZyWALL 310
Firmware: V4.31(AAAB.0)
0
All Replies
-
That traffic is multicast traffic.
Some device on your network is generating it. Try to sniff to see the MAC address and conclude it.
0 -
You can also create an additional secure-policy rule for this destination, denying and no log. So this traffic cannot hit the default rule.
0 -
Hi bernhard,
My Telekom "Speedport Smart W" DSL router produced every 5 minutes the same entry in the log. I got the following recommendation from the zyxel-support: "The default rule is usually not logged, because otherwise you will be pasted with messages that have no relevance in terms of safety." ... easy
0
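An added example, not part of the thread: it parses the log rows from the question, measures the spacing between drops per destination, and checks whether drops to 224.0.0.1 repeat at 125 seconds, the protocol default interval for IGMP general queries (RFC 2236 / RFC 3376), which are addressed to that all-hosts group. The column layout is assumed from the pasted rows, and the function names are hypothetical.

```python
import re
from datetime import datetime
from statistics import median

# Log rows copied from the question; the column layout is assumed from them.
SAMPLE_LOG = """\
2 2018-10-16 23:17:42 224.0.0.1 notice secure-policy ACCESS BLOCK Match default rule, DROP
3 2018-10-16 23:19:47 224.0.0.1 notice secure-policy ACCESS BLOCK Match default rule, DROP
4 2018-10-16 23:21:52 224.0.0.1 notice secure-policy ACCESS BLOCK Match default rule, DROP
5 2018-10-16 23:23:58 224.0.0.1 notice secure-policy ACCESS BLOCK Match default rule, DROP
"""

ROW = re.compile(
    r"^\s*\d+\s+(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\s+\S+\s+secure-policy\s+ACCESS BLOCK\b"
)

IGMP_QUERY_INTERVAL = 125  # seconds, protocol default (RFC 2236 / RFC 3376)


def drop_intervals(log_text):
    """Return {destination: [seconds between consecutive ACCESS BLOCK rows]}."""
    seen = {}
    for line in log_text.splitlines():
        m = ROW.match(line)
        if m:  # rows that do not parse are skipped, not guessed at
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            seen.setdefault(m["dst"], []).append(ts)
    out = {}
    for dst, stamps in seen.items():
        stamps.sort()
        out[dst] = [int((b - a).total_seconds()) for a, b in zip(stamps, stamps[1:])]
    return out


def looks_like_igmp_query(dst, gaps, tolerance=2):
    """True when drops to the all-hosts group repeat at the IGMP default interval."""
    if dst != "224.0.0.1" or len(gaps) < 2:
        return False
    steady = max(gaps) - min(gaps) <= tolerance
    return steady and abs(median(gaps) - IGMP_QUERY_INTERVAL) <= tolerance


if __name__ == "__main__":
    for dst, gaps in drop_intervals(SAMPLE_LOG).items():
        print(dst, gaps, "IGMP-like" if looks_like_igmp_query(dst, gaps) else "other")
```

A match only narrows the search; a capture on the LAN side, as the first reply suggests, is what identifies the sending device by its MAC address.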