I administer some Windows Server 2008 R2 machines for my company. I have firewall rules in place to block any connection to these servers from IP addresses not administered by ARIN as well as some ARIN addresses where attacks were launched from.
I'm getting the following line in my firewall logs:
DROP UDP 169.254.22.24 224.0.0.252 62372 5355 58 - - - - - - - RECEIVE
It varies some, especially the port numbers, but it's always the same protocol, source IP, and destination IP. I don't have either IP address range blocked in the firewall rules. Anyone have an idea what might be going on here?
And, don't laugh at me, network security wasn't what I was trained in, so it's kind of a new hat for me
I'm getting the following line in my firewall logs:
DROP UDP 169.254.22.24 224.0.0.252 62372 5355 58 - - - - - - - RECEIVE
It varies some, especially the port numbers, but it's always the same protocol, source IP, and destination IP. I don't have either IP address range blocked in the firewall rules. Anyone have an idea what might be going on here?
And, don't laugh at me, network security wasn't what I was trained in, so it's kind of a new hat for me