Today, I listed my iptables for a routine check -- and discovered two strange UFW rules that I don't remember setting up myself, referring to two specific IP addresses that I can't identify:
-A ufw-before-input -d 224.0.0.251/32 -p udp -m udp --dport 5353 -j ACCEPT
-A ufw-before-input -d 239.255.255.250/32 -p udp -m udp --dport 1900 -j ACCEPT
This is kind of scary. Did someone manage to hack into my server and add these rules? If not, what happened?
(And if some malicious agent did hack into my firewall, why would they use ports 5353 and 1900, that aren't being forwarded by my router??)