4

I got these messages in the system log. They started when some of my partners upgraded their machines to Windows 10.

I found some related topics on the internet, and they said I can safely ignore the errors. But the network admin is warning me that my machine is sending malicious traffic.

I wonder what these logs mean, and how do I make my machine stop sending malicious traffic?

I am using Ubuntu 14.04.

Nov 30 09:17:08 vinhphat avahi-daemon[890]: Invalid response packet from host 192.168.100.105.
Nov 30 09:17:08 vinhphat avahi-daemon[890]: Invalid response packet from host 192.168.100.105.
Nov 30 09:17:08 vinhphat avahi-daemon[890]: Invalid response packet from host fe80::8ca7:d096:794a:6295.
Nov 30 09:17:08 vinhphat avahi-daemon[890]: Invalid response packet from host 192.168.100.101.
Nov 30 09:18:01 vinhphat avahi-daemon[890]: message repeated 3 times: [ Invalid response packet from host 192.168.100.101.]
Nov 30 09:18:01 vinhphat avahi-daemon[890]: Invalid response packet from host 192.168.100.105.
Nov 30 09:18:54 vinhphat avahi-daemon[890]: Invalid response packet from host 192.168.100.101.
Nov 30 09:19:36 vinhphat avahi-daemon[890]: Invalid response packet from host 192.168.100.105.
Nov 30 09:19:36 vinhphat avahi-daemon[890]: Invalid response packet from host 192.168.100.101.

Thanks,

PhatHV

1 Answer

3

It could very well be a protocol issue with the other hosts. What type of hosts are .101 and .105? Are both Windows 10 machines?

There's a known bug in Avahi in this regard; it seems to happen with both OSX and Windows 10 hosts: https://bugs.launchpad.net/ubuntu/+source/avahi/+bug/1342400

An explanation of the interaction that causes the log can be found at: https://github.com/lathiat/avahi/issues/10/#issuecomment-131972196:

The patch in that bug deals with OSX mDNS response packets that include Additional RRs, but do not include Answer RRs. Windows 10 does something different. It sends responses to all mDNS queries, whether or not it has any records for those requests. That is, it responds with a mDNS packet containing 0 Answer RRs and 0 Additional RRs. This appears to me to be in violation of RFC 6762 (Multicast DNS) Section 6, which states "A Multicast DNS responder MUST only respond when it has a positive, non-null response to send, or it authoritatively knows that a particular record does not exist." I don't know how to file a bug with Microsoft, but IMHO this should probably be addressed on their side.
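The two response patterns described in the quoted comment can be told apart from the DNS header counts alone. The following Python code is an added example, not part of the original answer and not Avahi's own code; it classifies mDNS payloads per source host, and the function names, category labels, and sample packets are constructed for illustration.

```python
import struct
from collections import Counter, defaultdict

QR_RESPONSE = 0x8000  # top bit of the DNS flags field: 1 = response, 0 = query

def classify_mdns(payload):
    """Classify one mDNS UDP payload using only its 12-byte DNS header."""
    if len(payload) < 12:
        return "truncated"
    _txid, flags, _qd, an, _ns, ar = struct.unpack("!6H", payload[:12])
    if not flags & QR_RESPONSE:
        return "query"
    if an == 0 and ar == 0:
        return "empty-response"            # Windows 10 pattern: 0 Answer, 0 Additional RRs
    if an == 0:
        return "additional-only-response"  # OSX pattern: Additional RRs without Answer RRs
    return "response-with-answers"

def tally_by_host(packets):
    """Count classifications per source address from (src, payload) pairs."""
    counts = defaultdict(Counter)
    for src, payload in packets:
        counts[src][classify_mdns(payload)] += 1
    return {src: dict(c) for src, c in counts.items()}

def header(flags, qd=0, an=0, ns=0, ar=0):
    """Build a bare DNS header; used only to construct the sample packets below."""
    return struct.pack("!6H", 0, flags, qd, an, ns, ar)

# Constructed sample traffic (headers only). The .105 and .101 addresses are the
# hosts named in the log above; 192.168.100.50 is a made-up third host.
SAMPLE = [
    ("192.168.100.105", header(0x8400)),        # response, 0 Answer, 0 Additional
    ("192.168.100.105", header(0x8400)),
    ("192.168.100.101", header(0x8400, ar=2)),  # response, Additional RRs only
    ("192.168.100.101", header(0x8400, an=1)),  # well-formed response
    ("192.168.100.50", header(0x0000, qd=1)),   # ordinary query
    ("192.168.100.50", b"\x00\x00\x84"),        # too short to hold a header
]

if __name__ == "__main__":
    for host, result in tally_by_host(SAMPLE).items():
        print(host, result)
```

Fed with UDP port 5353 payloads from a packet capture, the per-host tally shows which machines on the segment emit the empty responses.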