My server is generating this psad error. I am not sure what it means? I think it is saying an IPv6 ping request was blocked but am not sure.
And if it is a ping request, is it from the server to another device? I don’t recall anything on my network being IPv6 enabled so I’m confused what it could/would be.
=-=-=-=-=-=-=-=-=-=-=-= Sat Mar 9 22:50:28 2019 =-=-=-=-=-=-=-=-=-=-=-= Danger level:  (out of 5) Source: 0000:0000:0000:0000:0000:0000:0000:0000 DNS: [No reverse dns info available] Destination: ff02:0000:0000:0000:0000:0000:0000:0016 DNS: [No reverse dns info available] Overall scan start: Sat Mar 9 22:50:28 2019 Total email alerts: 1 Syslog hostname: vm Global stats: chain: interface: protocol: packets: OUTPUT enp0s3 icmp6 1 [+] ICMP6 scan signatures: Invalid ICMP type "143" chain=OUTPUT packets=1 [+] Whois Information (source IP): No whois server is known for this kind of object. =-=-=-=-=-=-=-=-=-=-=-= Sat Mar 9 22:50:28 2019 =-=-=-=-=-=-=-=-=-=-=-=
ICMPv6 type 143 is Version 2 Multicast Listener Report as defined in RFC 3810. It is sent from your node to the local router(s) to advertise its ability (or inability) to receive multicast traffic.
It’s a bit bizarre that PSAD would call this traffic “Invalid” as MLDv2 has only been around for 15 years.
PSAD appears to be an active project; you should report this problem to its developers via whatever bug tracking system they use.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.