Rock64 SBC w/ 4GB RAM, 64GB eMMC, 1TB USB 3 HDD, on Ubuntu headless 16.04 Armbian.
I am getting this UFW block every 5-7 mins in my /var/log/syslog. I am needing some help figuring out where it is coming from and what it is.
Jun 4 20:46:35 localhost kernel: [622159.443167] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:14:91:82:b9:9a:9c:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2
Jun 4 20:48:40 localhost kernel: [622284.887920] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:14:91:82:b9:9a:9c:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2
Jun 4 20:50:46 localhost kernel: [622410.332657] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:14:91:82:b9:9a:9c:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2
Jun 4 20:52:51 localhost kernel: [622535.777455] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:14:91:82:b9:9a:9c:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2
Jun 4 20:54:57 localhost kernel: [622661.222251] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:14:91:82:b9:9a:9c:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2
Jun 4 20:57:02 localhost kernel: [622786.667053] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:14:91:82:b9:9a:9c:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2
Jun 4 20:59:08 localhost kernel: [622912.111844] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:14:91:82:b9:9a:9c:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2
Jun 4 21:01:13 localhost kernel: [623037.556645] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:14:91:82:b9:9a:9c:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2
Jun 4 21:03:18 localhost kernel: [623163.001466] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:14:91:82:b9:9a:9c:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2
Jun 4 21:05:24 localhost kernel: [623288.446238] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:14:91:82:b9:9a:9c:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2
Jun 4 21:07:29 localhost kernel: [623413.891068] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:14:91:82:b9:9a:9c:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2
Jun 4 21:09:35 localhost kernel: [623539.335871] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:14:91:82:b9:9a:9c:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2
Jun 4 21:11:40 localhost kernel: [623664.780690] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:14:91:82:b9:9a:9c:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2
Jun 4 21:13:46 localhost kernel: [623790.225477] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:14:91:82:b9:9a:9c:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2
Jun 4 21:15:51 localhost kernel: [623915.670290] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:14:91:82:b9:9a:9c:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2
Jun 4 21:17:57 localhost kernel: [624041.115067] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:14:91:82:b9:9a:9c:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2
Jun 4 21:20:02 localhost kernel: [624166.559919] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:14:91:82:b9:9a:9c:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2
Jun 4 21:22:07 localhost kernel: [624292.004706] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:14:91:82:b9:9a:9c:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2
Jun 4 21:24:13 localhost kernel: [624417.449474] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:14:91:82:b9:9a:9c:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2
So, it would be great to figure out what everything else means. I read that TTL stands for Time To Live and it gets kind of murky after that. I am putting money on SRC= source IP and DST= destination IP.
TOS could be Terms of Service and PREC is what I have called others in the past when they tick me off, and lastly, DF PROTO could be some crappy attempt at teaching me French. LOL! That's my best guess, guys!
Thanks for the help,
~T
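A field-by-field decode of the log lines quoted above, as an added example that is not part of the original post. It assumes the usual netfilter LOG layout, where `MAC=` holds the destination MAC, the source MAC and the EtherType in that order; the function names `parse_ufw_line` and `intervals` are made up for this sketch.

```python
import ipaddress
import re

# Two consecutive lines copied from the syslog excerpt in the post.
SAMPLE = [
    "Jun 4 20:46:35 localhost kernel: [622159.443167] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:14:91:82:b9:9a:9c:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2",
    "Jun 4 20:48:40 localhost kernel: [622284.887920] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:14:91:82:b9:9a:9c:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2",
]

# IANA protocol numbers; names already printed by the kernel pass through unchanged.
IP_PROTOCOLS = {"1": "ICMP", "2": "IGMP", "6": "TCP", "17": "UDP"}


def parse_ufw_line(line):
    """Return a dict of decoded fields, or None if this is not a UFW log line."""
    m = re.search(r"\[\s*(\d+\.\d+)\] \[UFW (\w+)\] (.*)", line)
    if not m:
        return None
    rec = {"uptime": float(m.group(1)), "action": m.group(2), "flags": []}
    for tok in m.group(3).split():
        if "=" in tok:              # KEY=value pair (value may be empty, e.g. OUT=)
            key, value = tok.split("=", 1)
            rec[key] = value
        else:                       # bare token such as DF (IP "Don't Fragment" flag)
            rec["flags"].append(tok)
    octets = rec.get("MAC", "").split(":")
    if len(octets) == 14:           # Ethernet header: 6 + 6 + 2 bytes
        rec["dst_mac"] = ":".join(octets[:6])
        rec["src_mac"] = ":".join(octets[6:12])   # the device that sent the frame
        rec["ethertype"] = "0x" + "".join(octets[12:])
    rec["proto_name"] = IP_PROTOCOLS.get(rec.get("PROTO"), rec.get("PROTO"))
    rec["dst_multicast"] = "DST" in rec and ipaddress.ip_address(rec["DST"]).is_multicast
    return rec


def intervals(lines):
    """Seconds between consecutive UFW entries, taken from the kernel uptime stamp."""
    stamps = [r["uptime"] for r in map(parse_ufw_line, lines) if r]
    return [round(b - a, 1) for a, b in zip(stamps, stamps[1:])]


if __name__ == "__main__":
    rec = parse_ufw_line(SAMPLE[0])
    for key in ("action", "src_mac", "dst_mac", "ethertype", "SRC", "DST",
                "proto_name", "dst_multicast", "TTL", "flags"):
        print(f"{key:14} {rec[key]}")
    print("interval (s)  ", intervals(SAMPLE))
```

Protocol 2 is IGMP and 224.0.0.1 is the all-hosts multicast group; the spacing between entries lines up with the default IGMP query interval of 125 seconds. The `src_mac` value is what to look up in a router or switch table to identify the sender.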