ACCESS BLOCK to 224.0.0.1 without source every 2 minutes and 5 seconds
2 2018-10-16 23:17:42 224.0.0.1 notice secure-policy ACCESS BLOCK Match default rule, DROP 3 2018-10-16 23:19:47 224.0.0.1 notice secure-policy ACCESS BLOCK Match default rule, DROP 4 2018-10-16 23:21:52 224.0.0.1 notice secure-policy ACCESS BLOCK Match default rule, DROP 5 2018-10-16 23:23:58 224.0.0.1 notice secure-policy ACCESS BLOCK Match default rule, DROP
For a few days now, we see the above log entries. We are not
aware of any changes in setup or environment which might have caused
this behavior.
What could be the cause of these entries?
Why is there no source in the log entry?
Device: ZyWALL 310
Firmware: V4.31(AAAB.0)
0
All Replies
-
That traffic is multicast traffic.
Some device on your network is generating it. Try to sniff to see the MAC address and conclude it.
0 -
you can also create an additional secure-policy rule for this destination, denying and no log. So this traffic cannot hit the default rule.
0 -
Hi bernhard,
my Telekom "Speedport Smart W" DSL router produced every 5 minutes the same entry in the log.I got the following recommendation from the zyxel-support:"The default rule is usually not logged, because otherwise you will be pasted with messages that have no relevance in terms of safety."... easy
0
Categories
- All Categories
- 415 Beta Program
- 2.3K Nebula
- 141 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.5K Security
- 216 USG FLEX H Series
- 262 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1K Wireless
- 39 Wireless Ideas
- 6.3K Consumer Product
- 243 Service & License
- 382 News and Release
- 81 Security Advisories
- 27 Education Center
- 8 [Campaign] Zyxel Network Detective
- 3K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight