Outgoing Connections 169.254.98.x - Firewalls

This is a discussion on Outgoing Connections 169.254.98.x - Firewalls ; I've got an outgoing connection on one of our firewalls to 169.254.98.x. I thought this was the Class C that Microsoft assigns by default? The outgoing connection is to the Lotus Notes port (destination port = 1352), so that looks ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: Outgoing Connections 169.254.98.x

  1. Outgoing Connections 169.254.98.x

    I've got an outgoing connection on one of our firewalls to 169.254.98.x.
    I thought this was the Class C that Microsoft assigns by default? The
    outgoing connection is to the Lotus Notes port (destination port = 1352), so
    that looks very suspicious. Should I be concerned about that?

    --
    Will



  2. Re: Outgoing Connections 169.254.98.x

    On Thu, 8 Feb 2007 21:13:48 -0800, Will wrote:
    > I've got an outgoing connection on one of our firewalls to 169.254.98.x.
    > I thought this was the Class C that Microsoft assigns by default? The
    > outgoing connection is to the Lotus Notes port (destination port = 1352), so
    > that looks very suspicious. Should I be concerned about that?


    I would suspect plain old networking issues like dns or dhcp, possibly
    a combination, spiced up with connectivity challenged workstations.
    That destination address is not going anywhere past your ISP at best,
    so I wouldnt loose sleep over this.

    Anyhow, 169.254/16 are considered not routable (rfc 3927), so treat
    it like rfc1918-addresses and drop it at the firewall.

    --
    New and exciting signature!


  3. Re: Outgoing Connections 169.254.98.x

    On Thu, 8 Feb 2007, in the Usenet newsgroup comp.security.firewalls, in article
    , Will wrote:

    >I've got an outgoing connection on one of our firewalls to 169.254.98.x.
    >I thought this was the Class C that Microsoft assigns by default?


    3330 Special-Use IPv4 Addresses. IANA. September 2002. (Format:
    TXT=16200 bytes) (Status: INFORMATIONAL)

    3927 Dynamic Configuration of IPv4 Link-Local Addresses. S. Cheshire,
    B. Aboba, E. Guttman. May 2005. (Format: TXT=83102 bytes) (Status:
    PROPOSED STANDARD)

    A pair of RFCs that you can find with any search engine. 169.254.x.x
    is used by windoze and Macintosh boxes when the DHCP server is not
    handing out addresses. Briefly, in that case, your windoze box reaches
    up it's a$$ and grabs a random address in the range 169.254.0.1 to
    169.254.255.254 and uses that for local only network communications.
    Any router should be silently discarding these packets as unroutable.

    >The outgoing connection is to the Lotus Notes port (destination port
    >= 1352), so that looks very suspicious.


    No - just some user on your LAN trying to check his mail. If you
    sniffed the packets, you may see his username.

    >Should I be concerned about that?


    If you are sure your DHCP server is correctly configured, then the
    owner of the mis-configured computer on your LAN may come whining
    to the hell-desk about the Internet being down. If you allow random
    computers to connect to your LAN, you'll have to fix the broken
    configuration - possibly a personal firewall on the b0rken box.

    If you don't have a DHCP server, then either you have a visitor on your
    wires, or one of your users has been dinking with the configuration of
    his computer. Some network administrators frown on that.

    Old guy

+ Reply to Thread