Unusual packet traffic

Derek Atkins warlord at MIT.EDU
Sat Jan 11 21:14:17 EST 2003


FTR, I can usually see a lot of DHCP-style traffic on my internal
network that comes in through my RCN cablemodem.  I don't usually see
much other traffic.

-derek

"Bill Horne" <bill at horne.net> writes:

> Hi, thanks for reading this.
> 
> I just added a firewall rule that logs any attempt to spoof IP
> addresses. The rule logs any incoming traffic from RFC1918 (i.e.,
> "detached network") addresses.
> 
> I got a lot of packets like this in the log today. At first glance, it
> looks like someone is trying to connect a device that's set up for
> BOOTP, but the source port is 67, not 68. The only thing I can think
> of is that it's the cable company advertising DHCP services for the
> cable modems.
> 
> Opinions?
> 
> Jan 11 15:18:43 billhorne kernel: IN=eth0 OUT=
> MAC=ff:ff:ff:ff:ff:ff:00:b0:8e:f5:10:54:08:00 SRC=10.219.216.1
> DST=255.255.255.255 LEN=360 TOS=0x00 PREC=0x00 TTL=255 ID=24721
> PROTO=UDP SPT=67 DPT=68 LEN=340
> 
> Bill
> 

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord at MIT.EDU                        PGP key available


