Re: DHCP or Probe?

From: Clint Bodungen (clint_at_secureconsulting.com)
Date: 03/11/04

  • Next message: Eric Peek: "Re: DHCP or Probe?"
    To: <incidents@securityfocus.com>
    Date: Thu, 11 Mar 2004 10:50:12 -0600
    
    

    I'm getting the following traffic about every second to my cable modem
    (my IP, not a broadcast address). UDP packets looking for port 67... but
    from a "10 dot" address. Is this the typical chatty Roadrunner DHCP
    probes or is it a worm probe? The reason I find this odd is because the
    source address here is from a "10 dot" class A. I'm not on PTP... I have
    a public address... so this is either from a spoofed address, a
    misconfiguration by one of my cable modem neighbors, or worse... a
    misconfiguration by RR.

    Wed, 2004-03-10 14:43:33 - Device Receive UDP Packet - Source:10.50.192.1,67,WAN - [Drop] Destination: [My IP Address]
    Wed, 2004-03-10 14:43:33 - Device Receive UDP Packet - Source:10.50.192.1,67,WAN - [Drop] Destination: [My IP Address]
    Wed, 2004-03-10 14:43:35 - Device Receive UDP Packet - Source:10.50.192.1,67,WAN - [Drop] Destination: [My IP Address]
    Wed, 2004-03-10 14:43:35 - Device Receive UDP Packet - Source:10.50.192.1,67,WAN - [Drop] Destination: [My IP Address]
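
Added example, not part of the original post: a small triage parser for the log format quoted above that groups WAN-side entries by source and flags RFC 1918 sources and the BOOTP/DHCP ports. It assumes the number after the source address is the port as the device logged it; the 192.0.2.10 entry is constructed for contrast, and the first entry is left wrapped the way the mailer delivered it.

```python
import ipaddress
import re
from collections import Counter

# Three entries in the post's format plus one constructed entry (192.0.2.10).
SAMPLE_LOG = """\
Wed, 2004-03-10 14:43:33 - Device Receive UDP Packet -
Source:10.50.192.1,67,WAN - [Drop] Destination: [My IP Address]
Wed, 2004-03-10 14:43:33 - Device Receive UDP Packet - Source:10.50.192.1,67,WAN - [Drop] Destination: [My IP Address]
Wed, 2004-03-10 14:43:35 - Device Receive UDP Packet - Source:10.50.192.1,67,WAN - [Drop] Destination: [My IP Address]
Wed, 2004-03-10 14:43:36 - Device Receive UDP Packet - Source:192.0.2.10,137,WAN - [Drop] Destination: [My IP Address]
"""

# \s+ before "Source:" tolerates entries that a mail client wrapped onto two lines.
LINE_RE = re.compile(
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) - Device Receive (?P<proto>\w+) Packet -\s+"
    r"Source:(?P<src>[\d.]+),(?P<port>\d+),(?P<iface>\w+) - \[(?P<action>\w+)\]"
)
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
BOOTP_PORTS = {67: "bootps (DHCP server)", 68: "bootpc (DHCP client)"}


def parse(log_text):
    """Yield one dict per recognised log entry; unrecognised text is skipped."""
    for m in LINE_RE.finditer(log_text):
        entry = m.groupdict()
        entry["port"] = int(entry["port"])
        yield entry


def summarize(log_text):
    """Group WAN-side entries by (source, port, protocol) and flag private sources."""
    counts = Counter()
    for e in parse(log_text):
        if e["iface"] == "WAN":
            counts[(e["src"], e["port"], e["proto"])] += 1
    findings = []
    for (src, port, proto), n in counts.items():
        addr = ipaddress.ip_address(src)
        findings.append({
            "src": src, "port": port, "proto": proto, "count": n,
            # A private source on the WAN side is never routable from the Internet.
            "private_on_wan": any(addr in net for net in RFC1918),
            "service": BOOTP_PORTS.get(port, "other") if proto == "UDP" else "other",
        })
    return findings
```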


