Broadcast IP through Proxy

user398765 asked:

I see destination IP as when a user trying to access URL. Can anyone explain why and when this will happen. Sample packet

<30>Feb 4 05:55:34 msdsdg mwg: McAfeeWG|time_stamp=[04/Feb/2017:05:55:34 +0000]|auth_user=0125402452$|src_ip=|server_ip=||url_port=80|status_code=407|bytes_from_client=410|bytes_to_client=4542|categories=Business, Software/Hardware|rep_level=Minimal Risk|method=GET|url=|media_type=|application_name=|user_agent=Microsoft NCSI|block_res=0|block_reason=|virus_name=|hash=|filename=|filesize=0|

My answer:

You’re showing a log entry from McAfee Web Gateway. It shows an attempt to access which is a very common thing for Windows computers to do. Windows checks this URL and one other URL to determine Internet connectivity.

The interesting thing about this particular site is that it only has an IPv6 address. It does not actually have an IPv4 address. This allows Windows to detect IPv6 connectivity independently of IPv4 connectivity.

$ host is an alias for is an alias for has IPv6 address 2001:559:19:305::6861:e6a has IPv6 address 2001:559:19:305::6861:e93

That being the case, I would guess that McAfee is simply using as a placeholder for the nonexistent IPv4 address.

The Web Gateway refused this request with a 407 Proxy Authentication Required error. This usually happens when the user is not logged in to the proxy server. But if they were logged in, then it could be a bug related to the product’s lack of IPv6 support.

Your next step is to contact McAfee and find out when the Web Gateway will support IPv6. If it does not already, or they do not already have an update which supports IPv6, you should begin shopping for a replacement.

Or it could be that McAfee supports IPv6 but your network doesn’t. In that case you need to get IPv6 deployed.

View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.