
RT-N66U and user.alert kernel: DROP

Discussion in 'Tomato Firmware' started by cbodio, Mar 17, 2014.

  1. cbodio

    cbodio Reformed Router Member

    Hi, I installed Tomato (Shibby) on an Asus RT-N66U
    Tomato Firmware 1.28.0000 MIPSR2-116 K26AC USB AIO-64K
    I have a lot of messages in the system log:
    Mar 17 10:42:44 rtn66u user.alert kernel: DROP <4>DROP IN=vlan2 OUT= MAC=*:*:*:*:ea:78:*:*:*:*:78:60:08:00:45:00:00:5f <1>SRC=86.62.85.97 DST=91.*.*.29 <1>LEN=95 TOS=0x00 PREC=0x00 TTL=120 ID=39937 PROTO=UDP <1>SPT=12274 DPT=24156 LEN=75

    Mar 17 10:42:44 rtn66u user.alert kernel: DROP <4>DROP IN=vlan2 OUT= MAC=*:*:*:*:ea:78:*:*:*:*:78:60:08:00:45:00:00:30 <1>SRC=109.207.230.107 DST=91.*.*.29 <1>LEN=48 TOS=0x00 PREC=0x00 TTL=121 ID=16331 DF PROTO=TCP <1>SPT=53703 DPT=24156 SEQ=3196098299 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (0204058401010402)

    Mar 17 10:42:45 rtn66u user.alert kernel: DROP <4>DROP IN=vlan2 OUT= MAC=*:*:*:*:ea:78:*:*:*:*:78:60:08:00:45:70:00:30 <1>SRC=188.232.232.19 DST=91.*.*.29 <1>LEN=48 TOS=0x10 PREC=0x60 TTL=122 ID=21268 DF PROTO=TCP <1>SPT=36785 DPT=24156 SEQ=671706219 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020405A001010402)

    Mar 17 10:42:45 rtn66u user.alert kernel: DROP <4>DROP IN=vlan2 OUT= MAC=*:*:*:*:ea:78:*:*:*:*:78:60:08:00:45:00:00:30 <1>SRC=109.207.230.107 DST=91.*.*.29 <1>LEN=48 TOS=0x00 PREC=0x00 TTL=121 ID=16335 PROTO=UDP <1>SPT=58593 DPT=24156 LEN=28

    Mar 17 10:42:46 rtn66u user.alert kernel: DROP <4>DROP IN=vlan2 OUT= MAC=*:*:*:*:ea:78:*:*:*:*:78:60:08:00:45:00:00:86 <1>SRC=125.27.96.172 DST=91.*.*.29 <1>LEN=134 TOS=0x00 PREC=0x00 TTL=116 ID=23885 PROTO=UDP <1>SPT=20365 DPT=51413 LEN=114

    Mar 17 10:42:47 rtn66u user.alert kernel: DROP <4>DROP IN=vlan2 OUT= MAC=*:*:*:*:ea:78:*:*:*:*:78:60:08:00:45:00:00:34 <1>SRC=109.196.197.115 DST=91.*.*.29 <1>LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=19133 DF PROTO=TCP <1>SPT=56888 DPT=24156 SEQ=2697359366 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020405A00103030201010402)

    Mar 17 10:42:50 rtn66u user.alert kernel: DROP <4>DROP IN=vlan2 OUT= MAC=*:*:*:*:ea:78:*:*:*:*:78:60:08:00:45:00:00:34 <1>SRC=109.196.197.115 DST=91.*.*.29 <1>LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=21017 DF PROTO=TCP <1>SPT=56888 DPT=24156 SEQ=2697359366 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020405A00103030201010402)

    Mar 17 10:42:50 rtn66u user.alert kernel: DROP <4>DROP IN=vlan2 OUT= MAC=*:*:*:*:ea:78:*:*:*:*:78:60:08:00:45:00:00:3a <1>SRC=109.196.197.115 DST=91.*.*.29 <1>LEN=58 TOS=0x00 PREC=0x00 TTL=115 ID=21076 PROTO=UDP <1>SPT=11075 DPT=24156 LEN=38

    Mar 17 10:42:50 rtn66u user.alert kernel: DROP <4>DROP IN=vlan2 OUT= MAC=*:*:*:*:ea:78:*:*:*:*:78:60:08:00:45:00:00:34 <1>SRC=91.237.24.2 DST=91.*.*.29 <1>LEN=52 TOS=0x00 PREC=0x00 TTL=56 ID=8248 DF PROTO=TCP <1>SPT=51947 DPT=24156 SEQ=339517005 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020405A00103030201010402)

    Mar 17 10:42:50 rtn66u user.alert kernel: DROP <4>DROP IN=vlan2 OUT= MAC=*:*:*:*:ea:78:*:*:*:*:78:60:08:00:45:00:00:3a <1>SRC=91.237.24.2 DST=91.*.*.29 <1>LEN=58 TOS=0x00 PREC=0x00 TTL=56 ID=8249 PROTO=UDP <1>SPT=61512 DPT=24156 LEN=38

    Mar 17 10:42:51 rtn66u user.alert kernel: DROP <4>DROP IN=vlan2 OUT= MAC=*:*:*:*:ea:78:*:*:*:*:78:60:08:00:45:00:00:aa <1>SRC=5.140.234.75 DST=91.*.*.29 <1>LEN=170 TOS=0x00 PREC=0x00 TTL=119 ID=59030 PROTO=UDP <1>SPT=19183 DPT=51413 LEN=150

    MAC *:*:*:*:ea:78 WAN Port
    MAC *:*:*:*:78:60 vlan2
    IP 91.*.*.29 ip rtn66u
    What does it mean? What is wrong? And what can I do with it?
    Thanks, Bogdan
     
  2. koitsu

    koitsu Network Guru Member

    These are packets which your iptables rules are intentionally dropping. One or more of your rules has the log directive applied to it (or more likely are using the chain target of LOG or logdrop or something along those lines); possibly you enabled this through the GUI (Administration / Logging / Connection Logging)?

    There are lots of possibilities for this -- the list is almost endless. A common one I've seen is people who turn on logging, then do things like run a torrent client, get something, then shut off the torrent client and suddenly complain about UDP or TCP connections that no longer have a matching state entry for them. But as I said, the list of reasons is almost endless.

    Turn off logging of this sort if you don't care about this sort of thing or don't know what it is you're looking at. There's nothing worse than someone getting OCD about logging messages if they enabled the logging in the first place. :D

    P.S. -- Please do not hide/edit the information shown. People in-the-know (ex. myself) will be unwilling to help anyone who edits information in requests like this (packet captures, traces, iptables assistance). You messed up the edits you did as well (particularly around the MAC addresses) which makes me question the legitimacy of the rest of the data. Don't do this going forward please.
     
    darkknight93 likes this.
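An added example, not part of either post: a small Python parser for the `kernel: DROP` lines quoted in this thread, which strips the embedded `<4>`/`<1>` priority markers, tallies drops by protocol and destination port, and counts repeated TCP SYNs from the same peer. The function names `parse_drop` and `summarize` are made up for this sketch; the sample lines are copied from the first post, with the poster's redactions left in.

```python
import re
from collections import Counter

# Sample lines copied from the first post (addresses as redacted by the poster).
SAMPLE = """\
Mar 17 10:42:44 rtn66u user.alert kernel: DROP <4>DROP IN=vlan2 OUT= MAC=*:*:*:*:ea:78:*:*:*:*:78:60:08:00:45:00:00:5f <1>SRC=86.62.85.97 DST=91.*.*.29 <1>LEN=95 TOS=0x00 PREC=0x00 TTL=120 ID=39937 PROTO=UDP <1>SPT=12274 DPT=24156 LEN=75
Mar 17 10:42:44 rtn66u user.alert kernel: DROP <4>DROP IN=vlan2 OUT= MAC=*:*:*:*:ea:78:*:*:*:*:78:60:08:00:45:00:00:30 <1>SRC=109.207.230.107 DST=91.*.*.29 <1>LEN=48 TOS=0x00 PREC=0x00 TTL=121 ID=16331 DF PROTO=TCP <1>SPT=53703 DPT=24156 SEQ=3196098299 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (0204058401010402)
Mar 17 10:42:46 rtn66u user.alert kernel: DROP <4>DROP IN=vlan2 OUT= MAC=*:*:*:*:ea:78:*:*:*:*:78:60:08:00:45:00:00:86 <1>SRC=125.27.96.172 DST=91.*.*.29 <1>LEN=134 TOS=0x00 PREC=0x00 TTL=116 ID=23885 PROTO=UDP <1>SPT=20365 DPT=51413 LEN=114
Mar 17 10:42:47 rtn66u user.alert kernel: DROP <4>DROP IN=vlan2 OUT= MAC=*:*:*:*:ea:78:*:*:*:*:78:60:08:00:45:00:00:34 <1>SRC=109.196.197.115 DST=91.*.*.29 <1>LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=19133 DF PROTO=TCP <1>SPT=56888 DPT=24156 SEQ=2697359366 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020405A00103030201010402)
Mar 17 10:42:50 rtn66u user.alert kernel: DROP <4>DROP IN=vlan2 OUT= MAC=*:*:*:*:ea:78:*:*:*:*:78:60:08:00:45:00:00:34 <1>SRC=109.196.197.115 DST=91.*.*.29 <1>LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=21017 DF PROTO=TCP <1>SPT=56888 DPT=24156 SEQ=2697359366 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020405A00103030201010402)
"""

PRIO = re.compile(r"<\d>")               # priority markers embedded mid-line
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs; value may be empty (OUT=)
FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "DF"}  # bare flag tokens

def parse_drop(line):
    """Return the LOG fields of one DROP line as a dict, or None for other lines."""
    if "kernel: DROP" not in line:
        return None
    body = PRIO.sub("", line.split("kernel:", 1)[1])
    rec = dict(FIELD.findall(body))      # a repeated key (LEN) keeps its last value
    # "ACK=0" is the ack number, not the flag; only a bare "ACK" token is the flag.
    rec["FLAGS"] = sorted(FLAGS & set(body.split()))
    return rec

def summarize(text):
    """Tally drops per (protocol, destination port) and count retried SYNs."""
    recs = [r for r in map(parse_drop, text.splitlines()) if r]
    by_port = Counter((r["PROTO"], int(r["DPT"])) for r in recs)
    syns = [r for r in recs if r["PROTO"] == "TCP"
            and "SYN" in r["FLAGS"] and "ACK" not in r["FLAGS"]]
    # Same source, source port and sequence number means the peer resent its SYN.
    seen = Counter((r["SRC"], r["SPT"], r["SEQ"]) for r in syns)
    return {"total": len(recs), "by_port": by_port, "inbound_syn": len(syns),
            "syn_retries": sum(n - 1 for n in seen.values())}

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(key, value)
```

Run over a full log, the per-port tally shows whether the drops cluster on a handful of destination ports, which is the pattern the reply describes for peers still contacting a port that no longer has a matching state entry.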
