
View the full version : Bogus klogd errors?



erik_bies
17-04-2004, 20:41
Hi,
I'm getting a klogd error every 2 minutes. It comes from a 'private' IP, and it just keeps repeating. When I search the inet, I find this reference (with the same MAC...). BTW, I use custom firmware - 1.7.5.6-1 from Oleg


http://lists.debian.org/debian-user/2002/debian-user-200204/msg00411.html



"Just disable the multicasting & mroute support in your kernel
configuration. If you have "/sbin/mrouted" installed on your
system, delete the appropriate package."


There are a bunch of reported questions, but not many clear answers
http://www.google.com/search?q=%22DST%3D224.0.0.1+LEN%3D28+TOS%3D0x00+PREC%3D0x00+TTL%3D1%22&hl=en&lr=&ie=UTF-8&oe=UTF-8&start=10&sa=N




Apr 16 20:10:40 WL500g user.warn klogd: ALERTIN=eth1 OUT= MAC=01:00:5e:00:00:01:00:e0:0c:ba:99:7a:08:00 SRC=10.95.7.20 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=12839 PROTO=2
Apr 16 20:12:39 WL500g user.warn klogd: ALERTIN=eth1 OUT= MAC=01:00:5e:00:00:01:00:e0:0c:ba:99:7a:08:00 SRC=10.95.7.20 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=14637 PROTO=2
Apr 16 20:14:39 WL500g user.warn klogd: ALERTIN=eth1 OUT= MAC=01:00:5e:00:00:01:00:e0:0c:ba:99:7a:08:00 SRC=10.95.7.20 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=16435 PROTO=2
Apr 16 20:16:39 WL500g user.warn klogd: ALERTIN=eth1 OUT= MAC=01:00:5e:00:00:01:00:e0:0c:ba:99:7a:08:00 SRC=10.95.7.20 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=18235 PROTO=2
Apr 16 20:18:39 WL500g user.warn klogd: ALERTIN=eth1 OUT= MAC=01:00:5e:00:00:01:00:e0:0c:ba:99:7a:08:00 SRC=10.95.7.20 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=20035 PROTO=2
Apr 16 20:20:39 WL500g user.warn klogd: ALERTIN=eth1 OUT= MAC=01:00:5e:00:00:01:00:e0:0c:ba:99:7a:08:00 SRC=10.95.7.20 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=21834 PROTO=2
Apr 16 20:22:39 WL500g user.warn klogd: ALERTIN=eth1 OUT= MAC=01:00:5e:00:00:01:00:e0:0c:ba:99:7a:08:00 SRC=10.95.7.20 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=23633 PROTO=2
Apr 16 20:24:39 WL500g user.warn klogd: ALERTIN=eth1 OUT= MAC=01:00:5e:00:00:01:00:e0:0c:ba:99:7a:08:00 SRC=10.95.7.20 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=25433 PROTO=2
Apr 16 20:26:39 WL500g user.warn klogd: ALERTIN=eth1 OUT= MAC=01:00:5e:00:00:01:00:e0:0c:ba:99:7a:08:00 SRC=10.95.7.20 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=27233 PROTO=2
Apr 16 20:28:39 WL500g user.warn klogd: ALERTIN=eth1 OUT= MAC=01:00:5e:00:00:01:00:e0:0c:ba:99:7a:08:00 SRC=10.95.7.20 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=29033 PROTO=2
Apr 16 20:30:39 WL500g user.warn klogd: ALERTIN=eth1 OUT= MAC=01:00:5e:00:00:01:00:e0:0c:ba:99:7a:08:00 SRC=10.95.7.20 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=30833 PROTO=2
Apr 16 20:32:39 WL500g user.warn klogd: ALERTIN=eth1 OUT= MAC=01:00:5e:00:00:01:00:e0:0c:ba:99:7a:08:00 SRC=10.95.7.20 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=32632 PROTO=2
Apr 16 20:34:39 WL500g user.warn klogd: ALERTIN=eth1 OUT= MAC=01:00:5e:00:00:01:00:e0:0c:ba:99:7a:08:00 SRC=10.95.7.20 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=34431 PROTO=2
Apr 16 20:36:39 WL500g user.warn klogd: ALERTIN=eth1 OUT= MAC=01:00:5e:00:00:01:00:e0:0c:ba:99:7a:08:00 SRC=10.95.7.20 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=36230 PROTO=2
Apr 16 20:38:39 WL500g user.warn klogd: ALERTIN=eth1 OUT= MAC=01:00:5e:00:00:01:00:e0:0c:ba:99:7a:08:00 SRC=10.95.7.20 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=38029 PROTO=2
Apr 16 20:40:39 WL500g user.warn klogd: ALERTIN=eth1 OUT= MAC=01:00:5e:00:00:01:00:e0:0c:ba:99:7a:08:00 SRC=10.95.7.20 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=39828 PROTO=2
Apr 16 20:42:39 WL500g user.warn klogd: ALERTIN=eth1 OUT= MAC=01:00:5e:00:00:01:00:e0:0c:ba:99:7a:08:00 SRC=10.95.7.20 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=41627 PROTO=2

erik_bies
02-05-2004, 22:59
Hi

Am I the only one with this problem?
I just cleared my syslog of over 5000 entries like this

I now run the custom firmware - 1.7.5.6-2 from Oleg

Oleg
02-05-2004, 23:39
These are not bogus errors. It's a firewall log, which you've turned on. And the thing which is shown is just multicast traffic, which is filtered by the wl500g.
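
A triage sketch for the log format in this thread, added here as an example and not written by any of the posters or taken from the firmware: it groups IGMP (PROTO=2) entries addressed to multicast groups by sender and reports how regularly they repeat, leaving every other firewall entry for review. The first three sample lines are copied from the first post; the fourth is constructed, the year 2004 is taken from the post dates, and the function names are this example's own.

```python
import re
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address

# Lines 1-3: copied from the first post. Line 4: constructed non-multicast entry.
SAMPLE = """\
Apr 16 20:10:40 WL500g user.warn klogd: ALERTIN=eth1 OUT= MAC=01:00:5e:00:00:01:00:e0:0c:ba:99:7a:08:00 SRC=10.95.7.20 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=12839 PROTO=2
Apr 16 20:12:39 WL500g user.warn klogd: ALERTIN=eth1 OUT= MAC=01:00:5e:00:00:01:00:e0:0c:ba:99:7a:08:00 SRC=10.95.7.20 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=14637 PROTO=2
Apr 16 20:13:01 WL500g user.warn klogd: ALERTIN=eth1 OUT= MAC=00:11:22:33:44:55:00:e0:0c:ba:99:7a:08:00 SRC=192.0.2.7 DST=198.51.100.9 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4711 PROTO=TCP SPT=40000 DPT=23
Apr 16 20:14:39 WL500g user.warn klogd: ALERTIN=eth1 OUT= MAC=01:00:5e:00:00:01:00:e0:0c:ba:99:7a:08:00 SRC=10.95.7.20 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=16435 PROTO=2
"""

FIELD = re.compile(r"(\w+)=(\S*)")   # the "ALERT" log prefix is glued to IN=, so that key reads ALERTIN
STAMP = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d)")

def parse(line, year=2004):
    """Return the KEY=value fields of one netfilter LOG line plus its timestamp."""
    rec = dict(FIELD.findall(line))
    stamp = STAMP.match(line).group(1)
    rec["time"] = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
    return rec

def is_igmp_multicast(rec):
    # PROTO=2 is IGMP; is_multicast covers the IPv4 range 224.0.0.0/4.
    return rec.get("PROTO") == "2" and ip_address(rec["DST"]).is_multicast

def sender_mac(rec):
    # MAC= holds destination MAC (6 bytes), source MAC (6 bytes), EtherType (2 bytes).
    return ":".join(rec["MAC"].split(":")[6:12])

def summarize(text):
    """Map (SRC, sender MAC, group) -> (count, upper-median gap in seconds); return other lines too."""
    groups, other = defaultdict(list), []
    for line in filter(None, map(str.strip, text.splitlines())):
        rec = parse(line)
        if is_igmp_multicast(rec):
            groups[(rec["SRC"], sender_mac(rec), rec["DST"])].append(rec["time"])
        else:
            other.append(line)   # not periodic multicast: keep for manual review
    report = {}
    for key, times in groups.items():
        gaps = sorted((b - a).total_seconds() for a, b in zip(times, times[1:]))
        report[key] = (len(times), gaps[len(gaps) // 2] if gaps else None)
    return report, other

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A single sender with a steady gap of about two minutes to 224.0.0.1 matches the filtered multicast traffic described in the reply above; anything returned in the second list is a different kind of firewall hit and is worth reading on its own.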