 malformed packet alert
I get this message from my router every 2 minutes or so. I tried blocking the ports that it attacks and the IP, but the major issue is that that IP is a broadcast IP, so I don't know where it is coming from. My question is: how do I stop these alerts (short of removing my e-mail from the router), and what do they mean?

Malformed or unhandled IP packet dropped - ***.***.176.198, 0, WAN - 224.0.0.1 - IP Protocol 2

ASKED: January 10, 2007  1:28 AM
UPDATED: January 10, 2007  6:30 PM

Answer Wiki:
Protocol 2 is IGMP (Internet Group Management Protocol). It is defined by RFC 1112. This is usually used for multi-casting (but not always). I'd recommend that you look at http://www.iana.org/assignments/igmp-type-numbers to further see what this is that you're concerned about.

The destination address of 224.*-whatever should alert you to the fact that this is a multicast. Although it could be an attack (wearing my paranoid hat here), it's generally unlikely that it IS an attack. Check the source address (which you've obfuscated), and then go through your firewall logs and see if anyone is sending requests to anything even CLOSE to that address-wise.

Good luck, and good hunting,
Bob
Last Wiki Answer Submitted:  January 10, 2007  3:30 am  by  Bobkberg   1,070 pts.
All Answer Wiki Contributors:  Bobkberg   1,070 pts.


Discuss This Question:

The IP that I have hidden is the IP to my router. It is always to the router from the multicast IP.

 0 pts.

 


 

If you have Multicast enabled on your router, or IGMP enabled on switches on your network, you will see this type of traffic. To eliminate the alert, you will need to either disable multicast on the router or disable IGMP on your switch(es). In order to determine the source, you could capture one of the packets and examine the source MAC address.

Regards,
SLW

 0 pts.
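SLW's suggestion to capture one of the packets and examine the source MAC, combined with the Answer Wiki's pointers (IP protocol 2, the 224.x destination, the IANA IGMP type list), as an added example that is not part of the original thread: a Python decoder run over a constructed frame. The sample bytes, the MAC 02:00:00:aa:bb:cc and the address 192.0.2.1 are made-up placeholders, and the function names are this example's own.

```python
import ipaddress
import struct

# Subset of the IANA IGMP type-number registry.
IGMP_TYPES = {0x11: "Membership Query", 0x12: "IGMPv1 Membership Report",
              0x16: "IGMPv2 Membership Report", 0x17: "Leave Group",
              0x22: "IGMPv3 Membership Report"}

def checksum_ok(data: bytes) -> bool:
    """Internet checksum: a valid header's one's-complement sum is 0xFFFF."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def decode_igmp_frame(frame: bytes) -> dict:
    """Decode an Ethernet II frame carrying IPv4/IGMP; ValueError if it is not one."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        raise ValueError("not an Ethernet II frame carrying IPv4")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[0] >> 4 != 4 or ihl < 20 or not ihl + 8 <= total_len <= len(ip):
        raise ValueError("bad IPv4 header or truncated IGMP message")
    if ip[9] != 2:
        raise ValueError(f"IP protocol {ip[9]}, not IGMP (2)")
    igmp = ip[ihl:total_len]          # total_len also trims Ethernet padding
    dst = ipaddress.IPv4Address(ip[16:20])
    return {
        "src_mac": frame[6:12].hex(":"),   # the sender on the local segment
        "src_ip": str(ipaddress.IPv4Address(ip[12:16])),
        "dst_ip": str(dst),
        "dst_is_multicast": dst.is_multicast,
        "igmp_type": IGMP_TYPES.get(igmp[0], f"unknown (0x{igmp[0]:02x})"),
        "ip_checksum_ok": checksum_ok(ip[:ihl]),
        "igmp_checksum_ok": checksum_ok(igmp),
    }

# Constructed sample (not a real capture): IGMP query to 224.0.0.1, padded to 60 bytes.
SAMPLE = bytes.fromhex(
    "01005e000001" "020000aabbcc" "0800"                    # dst MAC, src MAC, EtherType
    "4500001c" "00000000" "010217de" "c0000201" "e0000001"  # IPv4 header, protocol 2
    "1164ee9b" "00000000"                    # IGMP: type, max resp, checksum, group
) + bytes(18)

if __name__ == "__main__":
    print(decode_igmp_frame(SAMPLE))
```

A frame that decodes with both checksums valid and a known type is ordinary IGMP that the router does not handle on that interface, while a failed checksum or an unknown type points at the "malformed" half of the alert.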