[SOLVED] Problems With a Hacker - Can anyone tell me if
I believe you have some service on your local network that is advertising itself or looking for clients. It's your "default deny incoming" rule that's blocking this traffic. Yours looks much like persistent noise I see on my home network, caused by a Multicast DNS server in my router.
mDNS multicasts to 224.0.0.251, so that's not what yours is. You have something multicasting to 224.0.0.1, a generic "all hosts" address.
In this case, I see both 224.0.0.251 and 224.0.0.1.
I learn something every day here.
These addresses are reserved for "multicast" assignments. They appear to be similar to the "private" addresses starting with 192., 10., etc. in that what they're used for is reserved.
What they mean on your 'puter would require a greater understanding than I have, or care to research. I do note that they appear to be "DST" (destination?) addresses from the SRC IP 192.168.1.206 (is that your 'puter?) -- but I'm not sure of that, given ntubski's comment.
PROTO 2 is IGMP
The host at 192.168.1.1 is sending a standard query. From RFC 1112 in the link above:
Quote:
Multicast routers send Host Membership Query messages (hereinafter
called Queries) to discover which host groups have members on their
attached local networks. Queries are addressed to the all-hosts
group (address 224.0.0.1), and carry an IP time-to-live of 1.
The host at 192.168.1.206 appears to be misconfigured.
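As an added example (not part of the original thread): a small Python triage of UFW BLOCK lines along the lines discussed above, separating the all-hosts IGMP query and mDNS from entries that deserve a closer look. The log lines are constructed, and the 192.168.1.0/24 subnet is an assumption based on the addresses mentioned in the thread.

```python
import ipaddress
import re

# Constructed sample lines in the kernel/UFW log format (not from the thread).
SAMPLE_LOG = """\
Jan 10 09:00:01 host kernel: [UFW BLOCK] IN=wlan0 OUT= MAC= SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TTL=1 PROTO=2
Jan 10 09:00:05 host kernel: [UFW BLOCK] IN=wlan0 OUT= MAC= SRC=192.168.1.206 DST=224.0.0.251 LEN=73 TTL=255 PROTO=UDP SPT=5353 DPT=5353
Jan 10 09:00:09 host kernel: [UFW BLOCK] IN=wlan0 OUT= MAC= SRC=203.0.113.7 DST=192.168.1.50 LEN=60 TTL=52 PROTO=TCP SPT=40112 DPT=22
"""

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumption: the local subnet
ALL_HOSTS = ipaddress.ip_address("224.0.0.1")
MDNS = ipaddress.ip_address("224.0.0.251")
FIELD = re.compile(r"(\w+)=(\S*)")


def classify(line):
    """Return (src, dst, verdict) for a UFW BLOCK line, else None."""
    if "[UFW BLOCK]" not in line:
        return None
    f = dict(FIELD.findall(line))
    try:
        src = ipaddress.ip_address(f["SRC"])
        dst = ipaddress.ip_address(f["DST"])
    except (KeyError, ValueError):
        return None  # malformed or truncated line
    local = src in LAN
    if not dst.is_multicast:
        verdict = "unicast, review" if local else "unicast from outside LAN, review"
    elif not local:
        verdict = "multicast from outside LAN, review"
    elif dst == ALL_HOSTS and f.get("PROTO") == "2" and f.get("TTL") == "1":
        verdict = "consistent with IGMP query (RFC 1112)"
    elif dst == MDNS and f.get("DPT") == "5353":
        verdict = "mDNS"
    else:
        verdict = "other local multicast"
    return str(src), str(dst), verdict


def triage(text):
    """Classify every UFW BLOCK line in a block of log text."""
    return [r for r in map(classify, text.splitlines()) if r is not None]


if __name__ == "__main__":
    for src, dst, verdict in triage(SAMPLE_LOG):
        print(f"{src:>15} -> {dst:<15} {verdict}")
```

The verdict is only a sorting aid: anything marked "review" still needs to be matched against the services you actually expect on the network.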
Funny... I encountered the same question. But after searching for the addresses appearing in my UFW BLOCK notification, it was clear that it was just a multicast and nothing malicious.
But I am glad to see that other people encounter the same notification.
Thank you everyone for all the input.
I'm just trying to cross my "t"'s and dot my "i"'s regarding this issue.
There is actually a person of interest, who honestly could be making attempts.
I merely want to be sure I didn't miss anything obvious to someone with more experience in understanding these things.
Amazes me that some who purport to be experienced Linux users don’t even know if their firewall is switched on or not.
This is observation not conjecture.
Quote:
Amazes me that some who purport to be experienced Linux users don’t even know if their firewall is switched on or not.
This is observation not conjecture.
Is this in relation to something written in this thread?
Because I don't see the connection.
Which purportedly experienced Linux users in this thread have written something that shows that they don't know if their firewall is "switched on" (*) or not?
(*) BTW, that's not a good term to use because the way iptables is baked into the kernel, it's never really "switched" on or off, it's always there and it's up to the user to make it more restrictive.