On 14 Aug 2023, at 09:57, Sebastian Johansson <steamruler@gmail.com> wrote:
The global scope address targeted belongs to their probe, hence my suggestion to just suppress the log message - if I chased down every odd packet my probe received, I wouldn't have time for much else :)
Fair enough, it’s half a dozen messages a day after all. But that link-local prefix seems to indicate some misconfiguration somewhere, and were it on my network I’d want to find out why. Tim
On Mon, Aug 14, 2023 at 10:51 AM Tim Chown <Tim.Chown@jisc.ac.uk> wrote:
On 14 Aug 2023, at 09:14, Sebastian Johansson <steamruler@gmail.com> wrote:
[You don't often get email from steamruler@gmail.com. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ]
Is hn0 the LAN or WAN side? AFAIK it's correct that it shouldn't forward packets from link local addresses, so I'd honestly just suppress the log message and leave it at that.
Maybe it’s to an internal system.
But it would be good to find out why those messages happen. That format of link local address is very unusual to see and contravenes RFC 4291 (see https://www.rfc-editor.org/rfc/rfc4291#page-11).
If the node really wants to talk to the ipv6.telus.net system on 2001:569:585f:b00:1:b3ff:fedd:9f24, it needs to have and use a global scope address. RFC 6724 prefers matched scope of addresses, because the destination can’t reply unless it happens to be on the same link as the sender.
The standards now say the host past of the address should not be a MAC address, see RFC 7217 and other RFCs recommending its use.
Tim
On Mon, Aug 14, 2023 at 4:37 AM Daryl Morse <daryl_morse@telus.net> wrote:
I've been hosting an Atlas probe since February 2019. I have native dual-stack gigabit fibre internet service and my router is pfSense. Recently, I noticed that there are hundreds of messages in the log of the router like the following:
Aug 12 22:38:54 kernel cannot forward src fe80:5::1cce:5fff:fe02:61b6, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 22:36:06 kernel cannot forward src fe80:5::e65d:370f:fc45:b5ba, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 22:11:31 kernel cannot forward src fe80:5::3c01:20ff:fee5:f601, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 17:45:08 kernel cannot forward src fe80:5::2a0:a50f:fcdb:db7c, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 15:47:09 kernel cannot forward src fe80:5::2a0:a50f:fcb9:c28e, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 08:13:04 kernel cannot forward src fe80:5::2a0:a50f:fc8a:8134, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 06:55:33 kernel cannot forward src fe80:5::bac2:530f:fc39:164a, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 03:39:05 kernel cannot forward src fe80:5::2a0:a50f:fc8a:85c0, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 01:17:54 kernel cannot forward src fe80:5::e6fc:820f:fcea:2016, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 00:55:09 kernel cannot forward src fe80:5::ee9e:cd0f:fc0d:79d4, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 11 15:47:11 kernel cannot forward src fe80:5::4271:830f:fce5:7fa, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 11 15:25:42 kernel cannot forward src fe80:5::bac2:530f:fcd4:fdd2, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 11 07:33:53 kernel cannot forward src fe80:5::cd08:c204:cc63:2d32, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 11 06:17:19 kernel cannot forward src fe80:5::fe33:420f:fcdc:5932, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 11 04:49:00 kernel cannot forward src fe80:5::7e25:860f:fc44:6742, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 22:41:25 kernel cannot forward src fe80:5::9ca0:15ff:fe87:842e, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 14:38:59 kernel cannot forward src fe80:5::c80a:daff:fe92:b8b7, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 10:55:07 kernel cannot forward src fe80:5::2a0:a50f:fc8a:6ea0, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 08:57:19 kernel cannot forward src fe80:5::46aa:500f:fceb:ad66, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 05:47:09 kernel cannot forward src fe80:5::b68a:5f0f:fcb2:1040, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 03:24:58 kernel cannot forward src fe80:5::2a0:a50f:fcb6:5ea2, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 03:08:55 kernel cannot forward src fe80:5::2a0:a50f:fc90:9d4, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 00:17:07 kernel cannot forward src fe80:5::e65d:370f:fc44:15ba, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 00:07:07 kernel cannot forward src fe80:5::2a0:a50f:fcb7:7c, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
The messages occur in groups of three, spaced a few seconds apart.
All of the messages start with fe80:5. Even if I strip off the "5", none of them seem to convert into MAC addresses, so I can't use that to figure out what type of device is pinging the probe.
There are no entries in the NDP table corresponding to these messages.
I have no idea how long this has been happening. I only noticed it when I was setting up a new server to host pfsense.
My probe is RIPE-Atlas-Probe-52209.
I'm interested to know if anyone else has experienced this. -- ripe-atlas mailing list ripe-atlas@ripe.net https://lists.ripe.net/mailman/listinfo/ripe-atlas
-- ripe-atlas mailing list ripe-atlas@ripe.net https://lists.ripe.net/mailman/listinfo/ripe-atlas