Strange dmesg UFW messages… lots of them
I’ve done some digging but haven’t been able to find something that explains the message below, which I found in dmesg. It’s obvious the UFW firewall is blocking something, but I am not having any success in tracking down what is causing it.
[1170462.231472] [UFW BLOCK] IN=ens3 OUT= MAC=01:00:5e:00:00:01:d8:d5:b9:00:68:9c:08:00 SRC=0.0.0.0 DST=220.127.116.11 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2
Any pointers on where to look would be appreciated.
What you are seeing are IGMP multicast discovery packets. This happens when you have IoT devices around your home or discoverable network devices.
By default, UFW enables logging. To stop logging these notices, just do
sudo ufw logging off
This logging is normal to see everywhere, and unfortunately so are multicast packets. There’s nothing to "hunt down" for packet sources. Smart TVs, Smart Ovens, Google HOME / Alexa devices, etc. are all causes for multicast "noise" (as is Avahi on your own system if enabled), so there’s not really anything necessarily concerning here if you have any kind of IoT device on your network.
Obligatory notice though: by disabling logging you might miss actual attacks on machines via others in your network. Disabling logging prevents this data from being found.
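An added example (not part of the answer above): instead of switching logging off, the [UFW BLOCK] lines can be sorted into multicast noise and entries worth reading. The second and third sample lines, the DST_MAC/SRC_MAC keys and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Sample input: line 1 is the entry quoted in the question; lines 2-3 are constructed.
SAMPLE = """\
[1170462.231472] [UFW BLOCK] IN=ens3 OUT= MAC=01:00:5e:00:00:01:d8:d5:b9:00:68:9c:08:00 SRC=0.0.0.0 DST=220.127.116.11 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2
[1170470.000001] [UFW BLOCK] IN=ens3 OUT= MAC=01:00:5e:00:00:fb:aa:bb:cc:00:00:01:08:00 SRC=192.0.2.10 DST=224.0.0.251 LEN=73 TOS=0x00 PREC=0x00 TTL=255 ID=1234 DF PROTO=UDP SPT=5353 DPT=5353 LEN=53
[1170480.000002] [UFW BLOCK] IN=ens3 OUT= MAC=52:54:00:00:00:02:aa:bb:cc:00:00:03:08:00 SRC=192.0.2.77 DST=192.0.2.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4321 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0
"""

FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=VALUE pairs; bare flags such as DF or SYN are skipped

def parse(line):
    """Return the fields of a '[UFW BLOCK]' kernel log line, or None for other lines."""
    if "[UFW BLOCK]" not in line:
        return None
    fields = dict(FIELD.findall(line))
    mac = fields.get("MAC", "").split(":")
    if len(mac) == 14:  # netfilter logs destination MAC (6), source MAC (6), EtherType (2)
        fields["DST_MAC"] = ":".join(mac[:6])
        fields["SRC_MAC"] = ":".join(mac[6:12])
    return fields

def classify(fields):
    """Label a parsed entry as 'igmp', 'multicast' or 'review'."""
    if fields.get("PROTO") == "2":  # IP protocol number 2 is IGMP
        return "igmp"
    if fields.get("DST_MAC", "").lower().startswith("01:00:5e"):  # IPv4 multicast MAC prefix
        return "multicast"
    return "review"

def summarize(text):
    """Count entries per label and list (SRC, DST, PROTO, DPT) for those left to review."""
    counts, review = Counter(), []
    for line in text.splitlines():
        fields = parse(line)
        if fields is None:
            continue
        kind = classify(fields)
        counts[kind] += 1
        if kind == "review":
            review.append(tuple(fields.get(k) for k in ("SRC", "DST", "PROTO", "DPT")))
    return dict(counts), review

if __name__ == "__main__":
    counts, review = summarize(SAMPLE)
    print(counts)
    for entry in review:
        print("review:", entry)
```

The SRC_MAC of an IGMP entry identifies the device on the local segment that sent the query, which is the "source" the question was looking for.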