Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[juanjo]

Hi:

Searching in the forum for this event i do not find how to avoid it and why is the reason for this event.

My Windows 2008 server wants to do something and perhaps is the discovering of the network devices but I'm not sure of this.

2009-11-22---Warning---IP_PROTO 7000014---TTLOnLowMulticast---UDP---lan---192.168.0.1 224.0.0.252 53457 5355---ttl_low drop.

Can anybody help me and explain me this event and how to avoid it??

Best regards

[chechito]

y have seen this with windows vista too, will be interesting know the reason for this logs and if its necessary fix something of simply ignore

[juanjo]

y have seen this with windows vista too, will be interesting know the reason for this logs and if its necessary fix something of simply ignore

In fact, Windows Server 2008 works similarly to Windows Vista in many aspects and one of them can be this one.

The reality is that the log is full of these events.

1.-Perhaps can be for the next reason (LLMNR)??: http://en.wikipedia.org/wiki/Link-local_Multicast_Name_Resolution

2.- We can disable LLMNR also by the next steps: http://www.vistax64.com/vista-networking-sharing/95027-ability-disable-llmnr.html

Can we configure the firewall to answer to these packets ??
It's necessary ?? (it's necessary unregister this type of event, of course)

I hope someone will help us.

[Fatman]

There are a number of local multicast services, the DFL can not participate is the multicast services, but it can act as a multicast router.

These messages are harmless and are generated by any hosts on your network that will search for network services via multicast.

Your options are to either configure the IGMP sections of your DFL, or to create a rule that drops multicast that reaches the DFL.

The first option is the technically correct answer, but it is a lot of configuration.  I usually use the second in most environments.

[juanjo]

Ok, thanks

I will try to drop multicast packets. The doubt is if dropping packets doesn't register more events of this type, that is the question.

I will try it and post the results in the thread. Ok??   

Very grateful

[chechito]

System-Advanced Settings-Ip Settings-Multi-cast TTL on low - drop

[Fatman]

Also correct, but I tend to write rules to cover up default actions, so that things are as unambiguous as possible.  Good point.

[juanjo]

First, thanks to anybody for the help.

In fact, the solution of chechito is the best option for this type of firewall, because the DFL-210 has all mechanisms to drop this type of events without rules.

But the solution of Fatman is more generalist and very interesting, more technical based on performance of devices, and is applied to all kinds of firewalls, in other words, no necessary DLink firewalls.

Thank you very much chechito and Fatman, "Medal of Honor" for both.

Juanjo

[Lavdd]

I didnt get how to do that without "System-Advanced Settings-Ip Settings-Multi-cast TTL on low - drop"