Perhaps it's Joshua's router that is forwarding bootp/dhcp requests into his
DMZ, where his firewall can see the traffic, but he doesn't know it's his
router doing it.  Some outfits have the router people, and then the UNIX
people, and they don't talk with each other enough... :)

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Bill Stackpole
> Sent: Monday, May 24, 1999 1:23 PM
> To: [EMAIL PROTECTED]
> Subject: RE: Odd UDP Probe - Bootstrap ?
>
>
> It could be a misconfigured client, but it's still a little strange;
> normally, routers would not forward BOOTP requests because they are
> broadcast packets. (See Cisco ip-helper interface command.)
>
> > -----Original Message-----
> > From:       Joshua Chamas [SMTP:[EMAIL PROTECTED]]
> > Sent:       Sunday, May 23, 1999 12:20 PM
> > To: [EMAIL PROTECTED]
> > Subject:    Odd UDP Probe - Bootstrap ?
> >
> > Hey,
> >
> > Got another one for y'all.  Port 67 on UDP seems to be the bootstrap
> > protocol.  This was reported coming into my external firewall interface.
> >
> > > (1) May 22 15:22:25 router 25 deny: UDP from 0.0.0.0.1029 to 255.255.255.255.67
> > > (1) May 22 15:22:27 router 25 deny: UDP from 0.0.0.0.1030 to 255.255.255.255.67
> > > (1) May 22 15:22:30 router 25 deny: UDP from 0.0.0.0.1031 to 255.255.255.255.67
> > > (1) May 22 15:22:32 router 25 deny: UDP from 0.0.0.0.1032 to 255.255.255.255.67
> > > (1) May 22 15:22:35 router 25 deny: UDP from 0.0.0.0.1033 to 255.255.255.255.67
> >
> > Am I right in thinking that this might be some misconfigured client
> > outside the firewall?  The thing that bugs me here is the lack
> > of routable IP on the return address.
> >
> > I like being able to report on these kinds of things, but I wouldn't
> > know where to go with this, except my upstream ISP.
> >
> > Thanks,
> >
> > Joshua
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]

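Added example, not part of the original thread: a small Python triage script for deny lines in the format Joshua quoted, separating all-zeros-source broadcasts to UDP/67 from other traffic to that port and noting whether the source port is the standard BOOTP/DHCP client port 68. The sample log is constructed (the 192.0.2.x and 198.51.100.x lines are invented for contrast), and the label names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample input, modelled on the deny lines quoted in the thread.
SAMPLE_LOG = """\
(1) May 22 15:22:25 router 25 deny: UDP from 0.0.0.0.1029 to 255.255.255.255.67
(1) May 22 15:22:27 router 25 deny: UDP from 0.0.0.0.1030 to 255.255.255.255.67
(1) May 22 15:22:30 router 25 deny: UDP from 0.0.0.0.1031 to 255.255.255.255.67
(1) May 22 15:23:01 router 25 deny: UDP from 0.0.0.0.68 to 255.255.255.255.67
(1) May 22 15:23:40 router 25 deny: UDP from 192.0.2.7.4431 to 198.51.100.9.67
(1) May 22 15:24:02 router 25 deny: UDP from 192.0.2.7.4432 to 198.51.100.9.53
"""

# The log writes endpoints as a.b.c.d.port, so the port is the fifth field.
LINE_RE = re.compile(
    r"deny: UDP from (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+)"
    r" to (?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+)\s*$"
)

BOOTP_SERVER, BOOTP_CLIENT = 67, 68  # well-known ports from RFC 951 / RFC 2131
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


def classify(line):
    """Return a label for one deny line, or None if it is not UDP/67 traffic."""
    m = LINE_RE.search(line)
    if not m or int(m["dport"]) != BOOTP_SERVER:
        return None
    src = ipaddress.ip_address(m["src"])
    dst = ipaddress.ip_address(m["dst"])
    if src.is_unspecified and dst == LIMITED_BROADCAST:
        # Shape of a host with no address yet asking for one.
        if int(m["sport"]) == BOOTP_CLIENT:
            return "bootp-broadcast"
        return "bootp-broadcast-nonstandard-sport"
    return "unicast-to-67"


def summarize(log_text):
    """Count labelled lines so repeated broadcasts collapse into one entry."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        label = classify(line)
        if label:
            counts[label] += 1
    return dict(counts)


if __name__ == "__main__":
    for label, n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{n:3d}  {label}")
```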