 Intrusion from 255 network broadcast address
We have about 25 computers on our network. All have F-Secure client security installed. Today on several of them I get a pop-up stating that an intrusion attempt has been blocked from the .255 network broadcast address. This is the first time this has occurred. What could be some possible causes for this? Thank you for your time. It is appreciated.

ASKED: August 1, 2008  3:48 PM
UPDATED: August 2, 2008  12:18 AM

Answer Wiki:
Did the clients get some kind of rule update for F-Secure that could be sensitive to .255 broadcasts? Some firewalls consider this to be unneeded traffic and may give bogus warnings. The thing to consider, though: is some device trying to send a ping to the broadcast address for your network? Traffic of this type is not legitimate and may indicate an infected system of some type. I would put a traffic sniffer (Wireshark, http://www.wireshark.org) on a client and see what it shows for broadcast traffic. You may actually find an infected system or a system performing some type of network scan.
Last Wiki Answer Submitted:  August 2, 2008  12:18 am  by  Labnuke99   32,645 pts.
All Answer Wiki Contributors:  Labnuke99   32,645 pts.
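
As an added example (not part of the answer above), one way to triage a capture taken as suggested: tally which hosts send to the subnet broadcast address and with what kind of traffic. It assumes the capture was saved in classic pcap format on Ethernet; the 192.168.1.0/24 network, the addresses and the function names are made up for illustration.

```python
import ipaddress
import struct
from collections import Counter

def broadcast_talkers(pcap: bytes, network: str) -> Counter:
    """Count IPv4 frames sent to the broadcast address of `network`, per (source, traffic type)."""
    bcast = ipaddress.ip_network(network).broadcast_address.packed
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None or len(pcap) < 24:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    hits, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated frame, or not IPv4 (ARP, IPv6, VLAN-tagged)
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[16:20] != bcast or len(ip) < ihl + 4:
            continue  # not addressed to the broadcast address, or no layer-4 header
        src, proto, l4 = str(ipaddress.ip_address(ip[12:16])), ip[9], ip[ihl:]
        what = "ip proto %d" % proto
        if proto == 1:
            what = "icmp type %d" % l4[0]  # type 8 is an echo request (ping)
        elif proto == 17:
            what = "udp dst port %d" % struct.unpack("!H", l4[2:4])[0]
        hits[(src, what)] += 1
    return hits

def make_frame(src, dst, proto, l4):  # constructed Ethernet + IPv4 frame, checksums left zero
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00" + ip + l4

def make_pcap(frames):  # little-endian classic pcap container around the frames
    body = b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + body

PING = b"\x08\x00" + b"\x00" * 6  # ICMP echo request header; all sample data here is constructed
SAMPLE = make_pcap(2 * [make_frame("192.168.1.23", "192.168.1.255", 1, PING)] + [
    make_frame("192.168.1.40", "192.168.1.255", 17, struct.pack("!HHHH", 138, 138, 8, 0)),
    make_frame("192.168.1.40", "192.168.1.10", 17, struct.pack("!HHHH", 5000, 53, 8, 0)),
])

if __name__ == "__main__":
    print(broadcast_talkers(SAMPLE, "192.168.1.0/24").most_common())
```

A source that repeatedly shows up with `icmp type 8` is the broadcast ping the answer describes; UDP destination ports 137 and 138 are NetBIOS name and datagram traffic, which Windows hosts broadcast routinely.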

