Once a minute, at 8 seconds past the minute, gateway 77.138.34.39
sends an encapped UDP packet to the amprgw router that has a zero inner
source address and an all-ones inner destination address. The payload
length is 94 bytes and the source and destination ports are both 5678.
The periodicity suggests that it's some process that runs every minute
(out of crontab?) and takes about 8 seconds to complete.
There is a list of things port 5678 may be used for at
http://www.speedguide.net/port.php?port=5678
This may be Mikrotik Neighbor Discovery protocol.
Here's a log record of one such packet:
Apr 27 17:02:08 <local0.info> amprgw ipipd[22702]: ISRC0: len 122, os 77.138.34.39, od 169.228.66.251, is 0.0.0.0, id 255.255.255.255, ttl 64, proto 17
And here's a tcpdump of one:
17:06:08.419945 IP (tos 0x0, ttl 242, id 36314, offset 0, flags [none], proto IPIP (4), length 142)
    77.138.34.39 > 169.228.66.251: IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 122)
    0.0.0.0.5678 > 255.255.255.255.5678: UDP, length 94
The portal record shows that this gateway belongs to Ronen Pinchuk [4Z4ZQ].
Ronen, when you have a few spare minutes, could you look at your gateway
and see if you can stop this from happening?
- Brian
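
Added example (not part of Brian's message and not the ipipd source): a Python sketch of the check a decapsulating gateway can apply to such a packet, flagging an inner source of 0.0.0.0 and an inner destination of 255.255.255.255. The function names are hypothetical, and the sample packet is constructed from the header fields in the tcpdump above with zero bytes standing in for the 94-byte payload.

```python
import ipaddress
import struct

IPPROTO_IPIP, IPPROTO_UDP = 4, 17

def parse_ipv4(buf):
    """Return (header_len, total_len, ttl, proto, src, dst) for an IPv4 header."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (buf[0] & 0x0F) * 4
    total_len, = struct.unpack_from("!H", buf, 2)
    ttl, proto = buf[8], buf[9]
    if ihl < 20 or total_len < ihl or total_len > len(buf):
        raise ValueError("bad IPv4 lengths")
    src = ipaddress.IPv4Address(buf[12:16])
    dst = ipaddress.IPv4Address(buf[16:20])
    return ihl, total_len, ttl, proto, src, dst

def inspect_encap(pkt):
    """Decapsulate one IPIP packet; list reasons the inner packet is not forwardable."""
    ihl, total, _, proto, osrc, _ = parse_ipv4(pkt)
    if proto != IPPROTO_IPIP:
        raise ValueError("outer protocol is not IPIP")
    inner = pkt[ihl:total]
    iihl, itotal, _, iproto, isrc, idst = parse_ipv4(inner)
    reasons = []
    if isrc.is_unspecified:
        reasons.append("inner source is 0.0.0.0")
    if idst == ipaddress.IPv4Address("255.255.255.255"):
        reasons.append("inner destination is limited broadcast")
    info = {"outer_src": str(osrc), "inner_len": itotal, "reasons": reasons}
    if iproto == IPPROTO_UDP and itotal - iihl >= 8:
        sport, dport, ulen = struct.unpack_from("!HHH", inner, iihl)
        info.update(sport=sport, dport=dport, payload_len=ulen - 8)
    return info

def ipv4_header(total_len, ttl, proto, src, dst):
    """Build a 20-byte IPv4 header (checksum left zero; the parser does not verify it)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, ttl, proto, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)

def sample_packet():
    """Constructed packet using the tcpdump's header fields; payload is zero filler."""
    udp = struct.pack("!HHHH", 5678, 5678, 8 + 94, 0) + bytes(94)
    inner = ipv4_header(20 + len(udp), 64, IPPROTO_UDP, "0.0.0.0", "255.255.255.255") + udp
    return ipv4_header(20 + len(inner), 242, IPPROTO_IPIP, "77.138.34.39", "169.228.66.251") + inner

if __name__ == "__main__":
    print(inspect_encap(sample_packet()))
```

The lengths line up with both captures: 94 bytes of payload plus the 8-byte UDP header and 20-byte inner IP header give the 122 in the log record, and the 20-byte outer header brings it to the 142 in the tcpdump.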