LinuxQuestions.org


sabir_mustafa 08-05-2009 06:56 AM

Broadcast to unknown IP addresses
 
Dear all:
Recently I have deployed SquirrelMail 1.4 on a RHEL5 box on a client's internal network. Everything is running fine, but one of my IP tools has detected numerous broadcasts to different IP addresses like 192.x.x.x or 151.x.x.x or 153.x.x.x.
I am not much worried since the company is using this email service inside their internal perimeter, but I want to know what exactly is going on. Do I need to configure iptables to block such broadcasts?

Thanks

TB0ne 08-05-2009 11:21 AM

Quote:

Originally Posted by sabir_mustafa (Post 3632134)
Dear all:
Recently I have deployed SquirrelMail 1.4 on a RHEL5 box on a client's internal network. Everything is running fine, but one of my IP tools has detected numerous broadcasts to different IP addresses like 192.x.x.x or 151.x.x.x or 153.x.x.x.
I am not much worried since the company is using this email service inside their internal perimeter, but I want to know what exactly is going on. Do I need to configure iptables to block such broadcasts?

Thanks

Hard to say...you don't say what "ip tool" is returning this information, in what circumstance, or give any details about your network. Since we don't know what IP ranges you use internally, what the exact output of the "ip tools" is, it's hard to say if it's normal or not.

sabir_mustafa 08-07-2009 12:30 AM

Dear all:
I have carefully reviewed the network. The tools I'm using are "Wireshark" and "CommView". The broadcast that I have recorded is from my mail server to the external IP addresses I already mentioned. Now I can't understand why this is happening.

nowonmai 08-07-2009 03:44 AM

What else does Wireshark say about the packets? It should give enough detail to determine what's going on.

unixfool 08-07-2009 05:16 PM

Posting some of the packets to the forum may help us understand what the issue may be. If you post some, sanitize any crucial data you may not want to be showing to the public.

sabir_mustafa 08-08-2009 06:47 AM

I shall post the packet on Monday, as today I'm on rest from the company.

sabir_mustafa 08-11-2009 07:53 AM

Quote:

Originally Posted by unixfool (Post 3635200)
Posting some of the packets to the forum may help us understand what the issue may be. If you post some, sanitize any crucial data you may not want to be showing to the public.

I have checked all the data in Wireshark. It is an ARP broadcast from the mail server's IP address and MAC to the x.x.x.x IP address and an all-00:00 MAC. Is it OK?
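
An added example, not part of the original thread: a small Python decoder for the kind of frame described in the post above (Ethernet broadcast, ARP request, all-zero target MAC) that labels each request by whether the target IP falls inside the networks you treat as local. The addresses, the `LOCAL` list and the helper names are constructed for illustration.

```python
import ipaddress
import struct

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_arp(frame):
    """Decode an Ethernet II frame carrying IPv4 ARP; return None for anything else."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != 0x0806:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {
        "eth_dst": mac(frame[0:6]),
        "oper": oper,  # 1 = request, 2 = reply
        "sender_mac": mac(frame[22:28]),
        "sender_ip": str(ipaddress.IPv4Address(frame[28:32])),
        "target_mac": mac(frame[32:38]),
        "target_ip": str(ipaddress.IPv4Address(frame[38:42])),
    }

def classify(arp, local_nets):
    """Label a parsed ARP packet relative to the networks considered on-link."""
    if arp is None or arp["oper"] != 1:
        return "not-a-request"
    broadcast = arp["eth_dst"] == "ff:ff:ff:ff:ff:ff"
    unknown_target = arp["target_mac"] == "00:00:00:00:00:00"
    if not (broadcast and unknown_target):
        return "unusual-request"
    target = ipaddress.ip_address(arp["target_ip"])
    on_link = any(target in ipaddress.ip_network(n) for n in local_nets)
    return "who-has-on-link" if on_link else "who-has-off-subnet"

def build_request(sender_mac, sender_ip, target_ip):
    """Construct a sample broadcast ARP request (test data, not a capture)."""
    sha = bytes.fromhex(sender_mac.replace(":", ""))
    eth = b"\xff" * 6 + sha + struct.pack("!H", 0x0806)
    hdr = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)
    spa = ipaddress.IPv4Address(sender_ip).packed
    tpa = ipaddress.IPv4Address(target_ip).packed
    return eth + hdr + sha + spa + b"\x00" * 6 + tpa

# Constructed samples using documentation address ranges (assumed values).
LOCAL = ["192.0.2.0/24"]
OFF = build_request("02:00:00:00:00:01", "192.0.2.10", "198.51.100.7")
ON = build_request("02:00:00:00:00:01", "192.0.2.10", "192.0.2.1")
if __name__ == "__main__":
    for f in (OFF, ON):
        a = parse_arp(f)
        print(a["sender_ip"], "->", a["target_ip"], classify(a, LOCAL))
```

A "who-has-off-subnet" result means the sender is treating that address as directly reachable on its own segment, so the host's netmask and routing table are the first things to compare against the intended local networks.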

sabir_mustafa 08-26-2009 10:26 PM

Well: I got control of it. I used iptables to block broadcasts from the mail server to any other network except specified trusted networks, further binding a custom HTTPS port through which clients can access the server.

