Hi Since I started to do some excessive logging a few days ago, I noticed some strange broadcasted packets:
... Jun 9 16:06:10 *** kernel: IN=eth0 OUT= MAC=*** SRC=10.208.64.1 DST=255.255.255.255 LEN=368 TOS=0x00 PREC=0x00 TTL=255 ID=26012 PROTO=UDP SPT=67 DPT=68 LEN=348 Jun 9 16:06:13 *** kernel: IN=eth0 OUT= MAC=*** SRC=10.208.64.1 DST=255.255.255.255 LEN=368 TOS=0x00 PREC=0x00 TTL=255 ID=26015 PROTO=UDP SPT=67 DPT=68 LEN=348 Jun 9 16:06:19 *** kernel: IN=eth0 OUT= MAC=*** SRC=10.208.64.1 DST=255.255.255.255 LEN=333 TOS=0x00 PREC=0x00 TTL=255 ID=26033 PROTO=UDP SPT=67 DPT=68 LEN=313 Jun 9 16:06:23 *** kernel: IN=eth0 OUT= MAC=*** SRC=10.208.64.1 DST=255.255.255.255 LEN=333 TOS=0x00 PREC=0x00 TTL=255 ID=26060 PROTO=UDP SPT=67 DPT=68 LEN=313 Jun 9 16:06:28 *** kernel: IN=eth0 OUT= MAC=*** SRC=10.208.64.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=26072 PROTO=UDP SPT=67 DPT=68 LEN=308 Jun 9 16:06:28 *** kernel: IN=eth0 OUT= MAC=*** SRC=10.208.64.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=26075 PROTO=UDP SPT=67 DPT=68 LEN=308 Jun 9 16:06:30 *** kernel: IN=eth0 OUT= MAC=*** SRC=10.208.64.1 DST=255.255.255.255 LEN=333 TOS=0x00 PREC=0x00 TTL=255 ID=26078 PROTO=UDP SPT=67 DPT=68 LEN=313 Jun 9 16:06:31 *** kernel: IN=eth0 OUT= MAC=*** SRC=10.208.64.1 DST=255.255.255.255 LEN=333 TOS=0x00 PREC=0x00 TTL=255 ID=26081 PROTO=UDP SPT=67 DPT=68 LEN=313 Jun 9 16:06:31 *** kernel: IN=eth0 OUT= MAC=*** SRC=10.208.64.1 DST=255.255.255.255 LEN=333 TOS=0x00 PREC=0x00 TTL=255 ID=26093 PROTO=UDP SPT=67 DPT=68 LEN=313 ... 10.208.64.1 seems to be spoofed anyway.. These packets are received regularly. Something to worry about? Is dhclient vulnerable to this attack? Hope somone can give some insight on this. :) -- Best wishes, Andi
