Re: strange broadcast packets

2003-06-10 Thread Andreas Wüst
Hi Phillip

On Tuesday, 10-Jun-03 at 19:59:40, Phillip Hofmeister wrote:

> On Tue, 10 Jun 2003 at 07:21:25PM +0100, Andreas Wüst wrote:
>> Hi
>> 
>>> Hello,
>>> 
>>> isn't perhaps 10.208.64.1 your dhcp server and aren't these replies to
>>> dhcp requests from clients?
>> 
>> No lan here.. !!
> 
> That IP address might be used by your cable modem service as an
> internal management address to hand out IP addresses. Or it might even
> be your bridge (cable modem). In either case, this is not something to
> be worried about. In fact I made a special rule in my iptables so such
> packets don't get logged.

Cool, thanks a lot for your help!!

So, can I happily block them? As it seems, unfortunately I have to keep
udp port 68 stateful open, to renew the dhcp lease, no?

-- 
All the best, and really thanks a lot for your answers,
Andi



Re: strange broadcast packets

2003-06-10 Thread Phillip Hofmeister
On Tue, 10 Jun 2003 at 07:21:25PM +0100, Andreas Wüst wrote:
> Hi
> 
> > Hello,
> > 
> > isn't perhaps 10.208.64.1 your dhcp server and aren't these replies to
> > dhcp requests from clients?
> 
> No lan here.. !!

That IP address might be used by your cable modem service as an internal
management address to hand out IP addresses.  Or it might even be your
bridge (cable modem).  In either case, this is not something to be
worried about.  In fact I made a special rule in my iptables so such
packets don't get logged.

Be well,

-- 
Phillip Hofmeister

PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import
--
Excuse #34: Heavy gravity fluctuation move computer to floor rapidly




Re: strange broadcast packets

2003-06-10 Thread Andreas Wüst
Hi

> Hello,
> 
> isn't perhaps 10.208.64.1 your dhcp server and aren't these replies to
> dhcp requests from clients?

No lan here.. !!

-- 
Best wishes,
Andi




re: strange broadcast packets

2003-06-10 Thread kuba . jakubik

Hello,

isn't perhaps 10.208.64.1 your dhcp server and aren't these replies to dhcp
requests from clients?


Carpe Noctem,

Kuba BIGHard Jakubik




strange broadcast packets

2003-06-09 Thread Andreas Wüst
Hi

Since I started to do some excessive logging a few days ago, I
noticed some strange broadcasted packets:

...
Jun  9 16:06:10 *** kernel: IN=eth0 OUT= MAC=*** SRC=10.208.64.1 DST=255.255.255.255 LEN=368 TOS=0x00 PREC=0x00 TTL=255 ID=26012 PROTO=UDP SPT=67 DPT=68 LEN=348
Jun  9 16:06:13 *** kernel: IN=eth0 OUT= MAC=*** SRC=10.208.64.1 DST=255.255.255.255 LEN=368 TOS=0x00 PREC=0x00 TTL=255 ID=26015 PROTO=UDP SPT=67 DPT=68 LEN=348
Jun  9 16:06:19 *** kernel: IN=eth0 OUT= MAC=*** SRC=10.208.64.1 DST=255.255.255.255 LEN=333 TOS=0x00 PREC=0x00 TTL=255 ID=26033 PROTO=UDP SPT=67 DPT=68 LEN=313
Jun  9 16:06:23 *** kernel: IN=eth0 OUT= MAC=*** SRC=10.208.64.1 DST=255.255.255.255 LEN=333 TOS=0x00 PREC=0x00 TTL=255 ID=26060 PROTO=UDP SPT=67 DPT=68 LEN=313
Jun  9 16:06:28 *** kernel: IN=eth0 OUT= MAC=*** SRC=10.208.64.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=26072 PROTO=UDP SPT=67 DPT=68 LEN=308
Jun  9 16:06:28 *** kernel: IN=eth0 OUT= MAC=*** SRC=10.208.64.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=26075 PROTO=UDP SPT=67 DPT=68 LEN=308
Jun  9 16:06:30 *** kernel: IN=eth0 OUT= MAC=*** SRC=10.208.64.1 DST=255.255.255.255 LEN=333 TOS=0x00 PREC=0x00 TTL=255 ID=26078 PROTO=UDP SPT=67 DPT=68 LEN=313
Jun  9 16:06:31 *** kernel: IN=eth0 OUT= MAC=*** SRC=10.208.64.1 DST=255.255.255.255 LEN=333 TOS=0x00 PREC=0x00 TTL=255 ID=26081 PROTO=UDP SPT=67 DPT=68 LEN=313
Jun  9 16:06:31 *** kernel: IN=eth0 OUT= MAC=*** SRC=10.208.64.1 DST=255.255.255.255 LEN=333 TOS=0x00 PREC=0x00 TTL=255 ID=26093 PROTO=UDP SPT=67 DPT=68 LEN=313
...

10.208.64.1 seems to be spoofed anyway..

These packets are received regularly. Something to worry about? Is
dhclient vulnerable to this attack?

Hope someone can give some insight on this. :)

-- 
Best wishes,
Andi
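
An added example, not part of any poster's message: a Python sketch that parses netfilter LOG entries in the format shown above, separates DHCP server-to-client broadcasts (UDP 67 to 68, sent to 255.255.255.255) from everything else, and groups them by source. Three entries are copied from the log above; the 192.0.2.7 entry and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Three entries copied from the log in the post (one per line), plus one
# constructed non-DHCP entry (192.0.2.7) for contrast.
SAMPLE_LOG = """\
Jun  9 16:06:10 *** kernel: IN=eth0 OUT= MAC=*** SRC=10.208.64.1 DST=255.255.255.255 LEN=368 TOS=0x00 PREC=0x00 TTL=255 ID=26012 PROTO=UDP SPT=67 DPT=68 LEN=348
Jun  9 16:06:19 *** kernel: IN=eth0 OUT= MAC=*** SRC=10.208.64.1 DST=255.255.255.255 LEN=333 TOS=0x00 PREC=0x00 TTL=255 ID=26033 PROTO=UDP SPT=67 DPT=68 LEN=313
Jun  9 16:06:28 *** kernel: IN=eth0 OUT= MAC=*** SRC=10.208.64.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=26072 PROTO=UDP SPT=67 DPT=68 LEN=308
Jun  9 16:07:02 *** kernel: IN=eth0 OUT= MAC=*** SRC=192.0.2.7 DST=255.255.255.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=4111 PROTO=UDP SPT=137 DPT=137 LEN=58
"""

FIELD = re.compile(r"(\w+)=(\S*)")
MIN_DHCP_UDP_LEN = 8 + 236 + 4   # UDP header + fixed BOOTP fields + magic cookie


def parse_entry(line):
    """Split one netfilter LOG line into a dict. LEN occurs twice: the first
    is the IP total length, the second (after PROTO=UDP) the UDP length."""
    fields = {}
    for key, value in FIELD.findall(line.split("kernel:", 1)[-1]):
        if key == "LEN" and "LEN" in fields:
            key = "UDPLEN"
        fields[key] = value
    return fields


def is_dhcp_server_broadcast(f):
    """True for a server-to-client DHCP broadcast: UDP 67 -> 68 sent to the
    limited broadcast address, large enough to hold a DHCP message."""
    return (f.get("PROTO") == "UDP" and f.get("SPT") == "67"
            and f.get("DPT") == "68" and f.get("DST") == "255.255.255.255"
            and int(f.get("UDPLEN", 0)) >= MIN_DHCP_UDP_LEN)


def summarize(log_text):
    """Group entries by source; return (dhcp, other) dicts of src -> UDP lengths."""
    dhcp, other = defaultdict(list), defaultdict(list)
    for line in filter(None, map(str.strip, log_text.splitlines())):
        f = parse_entry(line)
        bucket = dhcp if is_dhcp_server_broadcast(f) else other
        bucket[f.get("SRC")].append(int(f.get("UDPLEN", 0)))
    return dict(dhcp), dict(other)


if __name__ == "__main__":
    dhcp, other = summarize(SAMPLE_LOG)
    print("DHCP server broadcasts:", dhcp, "| needs a closer look:", other)
```

Entries that land in the second group, or a DHCP source that changes between runs, are the ones worth reading by hand.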


