Author Topic: Since upgrading getting traffic to 255.255.255.255 or from 0.0.0.0 in logs (Read 1239 times)

allebone · « **on:** October 15, 2023, 03:54:37 pm »

Hi there,

Since upgrading I have started to get items in my logs I have never seen before as per below:

<see image>

This block rule does prevent devices from accessing a list of IP's in an alias that I have, and 255.255.255.255 is blocked on that port in a firewall rule, so the entry seems valid.

What confuses me is the 0.0.0.0 device is what exactly? And why is it trying to access port 68 UDP (DNS?) to 255.255.255.255?

The other devices are all Unifi AP wifi equipment. (192.168.2.161-164).
Also why do they access 255.255.255.255 on port 10001?

Thank you if anyone has any insight to this.

Pete

CJ · « **Reply #1 on:** October 15, 2023, 04:19:53 pm »

The 1001 is your Unifi equipment doing device discovery. 255.255.255.255 is a broadcast address.

https://help.ui.com/hc/en-us/articles/218506997-UniFi-Network-Required-Ports-Reference

67 and 68 are DHCP ports, not DNS. https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol

As for the 0.0.0.0 showing up, it sounds like you have something misconfigured.

allebone · « **Reply #2 on:** October 15, 2023, 07:42:04 pm »

Interesting. I will look into it. Thanks.

Author Topic: Since upgrading getting traffic to 255.255.255.255 or from 0.0.0.0 in logs (Read 1239 times)

allebone

Since upgrading getting traffic to 255.255.255.255 or from 0.0.0.0 in logs

CJ

Re: Since upgrading getting traffic to 255.255.255.255 or from 0.0.0.0 in logs

allebone

Re: Since upgrading getting traffic to 255.255.255.255 or from 0.0.0.0 in logs