Subject: Re: IP fw-in deny spam in logs
From: Paul Wouters (paulXTDNET.NL)
Date: Thu Apr 13 2000 - 18:30:34 CDT


On Thu, 13 Apr 2000, Erich Meier wrote:

> > Apr 11 04:04:42 HostnameRemoved kernel: IP fw-in deny eth0 UDP 127.0.0.1:68
> > +255.255.255.255:67 L=276 S=0x00 I=60857 F=0x0000 T=128

> This smells like a simple DHCP or BOOTP request. It comes from localhost port
> bootp client (68) and goes to local broadcast port bootp server (67).

I'll admit I haven't kept up with my RFCs, but since when do clients request
an IP address through dhcp or bootpd with address 127.0.0.1? I thought the
whole point was that they didn't have one yet (and use 0.0.0.0 :)

It seems to me, something actually took and is using 127.0.0.1 on that network.
And it's very likely to be on the local cable, because 127.0.0.1 is quite
difficult to route around the net.

Out of curiosity, what does "arp -a -i eth0" give you for 127.0.0.1?

Paul Wouters
Xtended Internet

--
Broerdijk 27			Postbus 170		Tel: 31-24-360 39 19	
6523 GM Nijmegen		6500 AD Nijmegen	Fax: 31-24-360 19 99
The Netherlands			The Netherlands		infoxtdnet.nl
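
An added example, not part of the original message: a small Python filter for the log format quoted in this thread. It flags packets logged on a non-loopback interface with a 127.0.0.0/8 source and marks BOOTP/DHCP client traffic (port 68 to 67). The function name, the finding labels and the second and third sample lines are constructed; the first sample is the quoted line with its wrap rejoined.

```python
import ipaddress
import re

# Kernel log format quoted in this thread:
#   IP fw-in deny eth0 UDP 127.0.0.1:68 255.255.255.255:67 L=276 ...
LOG_RE = re.compile(
    r"IP fw-in (?P<action>\w+) (?P<iface>\S+) (?P<proto>\w+) "
    r"(?P<src>\d+(?:\.\d+){3}):(?P<sport>\d+) "
    r"(?P<dst>\d+(?:\.\d+){3}):(?P<dport>\d+)"
)

def findings(line):
    """Return a list of observations for one log line ([] if nothing notable)."""
    m = LOG_RE.search(line)
    if m is None:
        return []
    try:
        src = ipaddress.ip_address(m["src"])
    except ValueError:          # e.g. an octet above 255 in a damaged line
        return ["unparseable-source"]
    out = []
    if m["proto"] == "UDP" and (m["sport"], m["dport"]) == ("68", "67"):
        out.append("bootp-client-request")
        if src.is_unspecified:  # a client with no address yet sends from 0.0.0.0
            out.append("unconfigured-client")
    if src.is_loopback and m["iface"] != "lo":
        # 127/8 should never appear as a source on a physical interface
        out.append("loopback-source-on-" + m["iface"])
    return out

SAMPLE = [
    # From the thread, wrap rejoined
    "Apr 11 04:04:42 HostnameRemoved kernel: IP fw-in deny eth0 UDP 127.0.0.1:68 "
    "255.255.255.255:67 L=276 S=0x00 I=60857 F=0x0000 T=128",
    # Constructed: an ordinary request from a client without an address
    "Apr 11 04:05:10 HostnameRemoved kernel: IP fw-in deny eth0 UDP 0.0.0.0:68 "
    "255.255.255.255:67 L=328 S=0x00 I=1 F=0x0000 T=128",
    # Constructed: unrelated denied TCP packet (documentation addresses)
    "Apr 11 04:06:02 HostnameRemoved kernel: IP fw-in deny eth0 TCP 192.0.2.7:1042 "
    "192.0.2.1:23 L=44 S=0x00 I=2 F=0x0000 T=64",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(findings(entry), "<-", entry[:60])
```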