Menu
▾
▴
RE: [IPCop-user] VERY strange firewall log entry...
|
From: Serge v. G. (svgn) <ser...@or...> - 2003-07-09 12:54:17
|
Yep, indeed. That range is what windows use for 'auto-configuration' of IP addresses when no dhcp is found. The guilty box is probably a W2K or WXP box (not sure if Millenium did that stuff?) Greetz, Serge -----Original Message----- From: Marco van Beek [mailto:mva...@su...] Sent: Wednesday, July 09, 2003 2:25 PM To: Matt Dale; ipc...@li... Subject: Re: [IPCop-user] VERY strange firewall log entry... Looks like a Windows box on the internal network looking for a DHCP server. The 169.254.x.x range (as far as I can remember) is what it ends up with if it cannot find a dhcp server. Marco van Beek Supporting Role Ltd. ----- Original Message ----- From: "Matt Dale" <mat...@nt...> To: <ipc...@li...> Sent: 09 July 2003 11:15 Subject: [IPCop-user] VERY strange firewall log entry... Yesterday, I picked up two of these: 12:12:02 input eth0 UDP 169.254.158.219 137(NETBIOS-NS) 169.254.255.255 137(NETBIOS-NS) For a start, I should even be seeing that as I have this line in /etc/rc.d/rc.firewall.up: ipchains -A input -p UDP -i $RED_DEV --destination-port 137 -j DENY However, I suspect the reason I am seeing it is because of the destination address. My networking protocol knowlege isn't "all that", but if I recall correctly, something sent to x.x.x.255 is a broadcast right? Ok, which would be fair enough if I was in that subnet. Or, for that matter, if my red IP even had the same STARTING digit (without giving away my entire IP, it starts 81.102.x.x - the NTL ISP range in the UK). So can someone explain how on earth my IPCop box is picking up what looks like a bulk netbios attack on an IP range no-where near mine? Is this some advanced use of IP spoofing or what? Thanks. ------------------------------------------------------- This SF.Net email sponsored by: Parasoft Error proof Web apps, automate testing & more. Download & eval WebKing and get a free book. www.parasoft.com/bulletproofapps _______________________________________________ IPCop-user mailing list IPC...@li... https://lists.sourceforge.net/lists/listinfo/ipcop-user |