Randy, This appears to be a DHCP server querying its clients. This is pretty common on a cable modem network. Yes, that is UDP port 67, and as you can see, it's a broadcast. I wouldn't think it's a hacker, because of the fact that it's a broadcast. It's probably just someone running a DHCP server on their home network.
Eddie -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of McHugh Randy Sent: Monday, September 02, 2002 11:34 AM To: [EMAIL PROTECTED] Subject: Log files - spoofing from private 10 adddress [7:52552] My log files show that 10.78.0.1 address is attempting to get through my permimeter router . Would anyone know if this is someone really trying to spoof me or what? And is there any way or tool I can use to determine the real public source address this entity is coming from ? Does any one know if that is a port number (67) beside the IP address and (68) besides that 32 bit host mask? thx Randy 1w3d: %SYS-5-CONFIG_I: Configured from console by console 1w3d: %SEC-6-IPACCESSLOGP: list 199 denied udp 10.78.0.1(67) -> 255.255.255.255(68), 1 packet 1w3d: %SEC-6-IPACCESSLOGP: list 199 denied udp 10.78.0.1(67) -> 255.255.255.255(68), 7 packets 1w4d: %SEC-6-IPACCESSLOGP: list 199 denied udp 10.78.0.1(67) -> 255.255.255.255(68), 4 packets 1w4d: %SEC-6-IPACCESSLOGP: list 199 denied udp 10.78.0.1(67) -> 255.255.255.255(68), 6 packets Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=52575&t=52552 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]