ACCESS BLOCK to 224.0.0.1 without source every 2 minutes and 5 seconds
2 2018-10-16 23:17:42 224.0.0.1 notice secure-policy ACCESS BLOCK Match default rule, DROP 3 2018-10-16 23:19:47 224.0.0.1 notice secure-policy ACCESS BLOCK Match default rule, DROP 4 2018-10-16 23:21:52 224.0.0.1 notice secure-policy ACCESS BLOCK Match default rule, DROP 5 2018-10-16 23:23:58 224.0.0.1 notice secure-policy ACCESS BLOCK Match default rule, DROP
For a few days now, we see the above log entries. We are not
aware of any changes in setup or environment which might have caused
this behavior.
What could be the cause of these entries?
Why is there no source in the log entry?
Device: ZyWALL 310
Firmware: V4.31(AAAB.0)
0
All Replies
-
That traffic is multicast traffic.
Some device on your network is generating it. Try to sniff to see the MAC address and conclude it.
0 -
you can also create an additional secure-policy rule for this destination, denying and no log. So this traffic cannot hit the default rule.
0 -
Hi bernhard,
my Telekom "Speedport Smart W" DSL router produced every 5 minutes the same entry in the log.I got the following recommendation from the zyxel-support:"The default rule is usually not logged, because otherwise you will be pasted with messages that have no relevance in terms of safety."... easy
0
Categories
- All Categories
- 347 Beta Program
- 2.1K Nebula
- 115 Nebula Ideas
- 77 Nebula Status and Incidents
- 5K Security
- 44 USG FLEX H Series
- 246 Security Ideas
- 1.2K Switch
- 64 Switch Ideas
- 900 WirelessLAN
- 33 WLAN Ideas
- 5.8K Consumer Product
- 204 Service & License
- 326 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.8K FAQ
- 832 Nebula FAQ
- 402 Security FAQ
- 219 Switch FAQ
- 190 WirelessLAN FAQ
- 45 Consumer Product FAQ
- 136 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 71 About Community
- 61 Security Highlight