Is my squid proxy hacked

perfectpol7 · 02-16-2009, 03:07 AM

Hie

I had a proxy server running with fedora 10 and webmin installed. I have set bandwidth monitoring facility on. When i activate show traffic by host I notice one IP address which is out of my IP addresses. My ip address are 10.0.0/255 and the stranger one is 224.0.0.251. Is this means that I am hackered or where is this coming from. I am using webmin squid proxy and even the bandwidth monitor. Secondly how do I allocate bandwidth to different ip address in my LAN

chort · 02-16-2009, 03:45 AM

Do you have any Macs on your network? That's probably the Rendezvous service.

perfectpol7 · 02-16-2009, 04:05 AM

No I do not have macs and i tried to ping it but no respond.

acid_kewpie · 02-16-2009, 04:11 AM

you wouldn't be able to p[ing it, it's a multicast address. Google says it's just multicast DNS - http://www.networksorcery.com/enp/pr.../multicast.htm so nothing to worry about

repo · 02-16-2009, 04:14 AM

According to RFC 3171 this block of addresses (224.0.0.x) is reserved for
special purposes.

This is a multicast address
224.0.0.251 mDNS, Multicast DNS.

Take a look at
http://www.networksorcery.com/enp/pr.../multicast.htm

perfectpol7 · 02-16-2009, 04:38 AM

thanks for the link guys my fears have gone now.

salasi · 02-16-2009, 05:27 AM

Yes, its probably your router doing Rendezvous/Mdns/Bonjour broadcasts so that the rest of you network can config itself with minimum intervention (it could be something else doing the same thing).

Wireshark will show you the source addr.

You could turn it off, but you'll probably break stuff.