Hi y'all! I'm confuzzled.
I have repeated entries in my syslog in log file viewer.
Jan 26 08:31:42 MYSERV kernel: [25624.013276] [UFW BLOCK] IN=eth0 OUT= MAC=BIG_MAC SRC=192.168.1.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=0 PROTO=2
Jan 26 08:31:42 MYSERV kernel: [25624.013768] [UFW BLOCK] IN=eth0 OUT= MAC=BIG_MAC SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=0 PROTO=2
Jan 26 08:33:48 MYSERV kernel: [25750.017039] [UFW BLOCK] IN=eth0 OUT= MAC=BIG_MAC SRC=192.168.1.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=0 PROTO=2
Jan 26 08:33:48 MYSERV kernel: [25750.017562] [UFW BLOCK] IN=eth0 OUT= MAC=BIG_MAC SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=0 PROTO=2
Where MYSERV is the name of my server, and BIG_MAC is what appears to be a MAC address but longer than I am used to. Always the same number, =01:00:5e:00:00:01:a0:21:b7:43:91:37:08:00
As far as I can see, 192.168.1.1 is connecting to a broadcast address, to see if anyone's there. Thing is, 192.168.1.1 IS NOT an address that I'm aware I'm using; my subnet is 192.168.0.*.
If I open 192.168.1.1 in a web browser, it opens a trivial webpage I have set up as an adblock-replacement page. The thing is, this web page normally serves on 127.0.0.1.
On the server, if I ping 192.168.1.1 it responds in about the same amount of time as 192.168.0.1.
I suspect that 192.168.1.1 is my own server bound somehow to another IP address. I doubt that this is something from outside getting into my network. Can anyone help me find out what it is, where it is, and how to stop it?
Cheers Steve
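
As an added example (not part of the original post): a small Python parser for the UFW log line quoted above. It splits the MAC= field into Ethernet destination, source and EtherType, names the IP protocol number, and checks whether the destination MAC is the one the DST multicast group maps to. It assumes an Ethernet interface, where the kernel logs the 14-byte link-layer header in MAC=; the function names are illustrative and the sample line is constructed from the post's values.

```python
import ipaddress
import re

# Constructed sample: a log line from the post with BIG_MAC replaced by the value the poster gave.
SAMPLE = ("Jan 26 08:31:42 MYSERV kernel: [25624.013276] [UFW BLOCK] IN=eth0 OUT= "
          "MAC=01:00:5e:00:00:01:a0:21:b7:43:91:37:08:00 SRC=192.168.1.1 "
          "DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=0 PROTO=2")

ETHERTYPES = {"0800": "IPv4", "0806": "ARP", "86dd": "IPv6"}
IP_PROTOS = {"1": "ICMP", "2": "IGMP", "6": "TCP", "17": "UDP"}

def parse_ufw_line(line):
    """Split a UFW kernel log line into its KEY=value fields (empty values allowed)."""
    if "[UFW " not in line:
        raise ValueError("not a UFW log line")
    return dict(re.findall(r"(\w+)=(\S*)", line.split("[UFW ", 1)[1]))

def decode_mac(mac_field):
    """MAC= holds the Ethernet header: destination (6), source (6), EtherType (2)."""
    octets = mac_field.lower().split(":")
    if len(octets) != 14:
        raise ValueError("expected 14 octets, got %d" % len(octets))
    ethertype = "".join(octets[12:])
    return {"dst_mac": ":".join(octets[:6]), "src_mac": ":".join(octets[6:12]),
            "ethertype": ETHERTYPES.get(ethertype, "0x" + ethertype)}

def multicast_mac_for(ip):
    """Ethernet address an IPv4 multicast group maps to: 01:00:5e + low 23 bits."""
    low23 = int(ipaddress.IPv4Address(ip)) & 0x7FFFFF
    return "01:00:5e:%02x:%02x:%02x" % (low23 >> 16, (low23 >> 8) & 0xFF, low23 & 0xFF)

def describe(line):
    """Return the decoded link-layer and IP details for one UFW log line."""
    f = parse_ufw_line(line)
    out = decode_mac(f["MAC"])
    dst = ipaddress.IPv4Address(f["DST"])
    out.update(iface=f["IN"], src_ip=f["SRC"], dst_ip=f["DST"],
               proto=IP_PROTOS.get(f["PROTO"], f["PROTO"]),
               dst_is_multicast=dst.is_multicast,
               mac_matches_group=(dst.is_multicast and
                                  multicast_mac_for(f["DST"]) == out["dst_mac"]))
    return out

if __name__ == "__main__":
    for key, value in describe(SAMPLE).items():
        print(f"{key:18} {value}")
```

The `src_mac` value is the hardware address of the device that sent the frame, so comparing it with the addresses reported by `ip link` on the server and with the router's label shows which device is using 192.168.1.1.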