Quoting Christopher Sawtell <[EMAIL PROTECTED]>:

> On Tuesday 28 February 2006 08:31, Craig FALCONER wrote:
> > I have to admit - I sat for about five minutes last night staring at the
> > orange Activity light on my cable modem.
> >
> > Not once in that ~5 mins did it go off for even a blink.
> Same here. Even during the wee hours of the morning.
> The activity LED around the back of the modem does wink occasionally, as
> does the one on the NIC on the firewall machine.
>
> See other comments inline below.
>
> > Some serious traffic exists out there in cable-land.... I do know that
> > the modem drops dhcp requests (it has a rudimentary firewall) but why
> > can't TCNZ drop more traffic at that point.
> >
> > I also understand that part of the push for the new cable plans is
> > changing the equipment in the back... the many-ported box named Bertha
> > is to be replaced, which forces all the old plans to go.
> >
> >
> > -----Original Message-----
> > From: Craig Molloy [mailto:[EMAIL PROTECTED]
> > Sent: Monday, 27 February 2006 5:40 p.m.
> > To: [email protected]
> > Subject: Re: OT - 172.20.18.55 port 67
> >
> >
> > Andy George wrote:
> >
> > Dear Andy,
> >
> > This traffic is generated by one of our servers on the cable modem
> > network
> I, as well as many others, would be very interested to know whether T/C or
> some other party installed the program which generates this traffic?
>
> > and is not malicious in any way,
> Being of a normally suspicious nature, until we see some more detailed
> explanation I find this incredibly difficult to believe.
>
> > due to the shared nature of a cable network this activity is not
> > uncommon.
> In other words, there is a widely distributed exploited vulnerability in
> the server or modem software in the host numbered 172.20.18.55 on the
> private network. This vulnerability allows the installation of a probing
> robot which uses the BOOTP port to detect the presence of machines on the
> network. It uses port 67 because ICMP requests are frequently filtered
> out. I strongly suspect that the robot can also discover whether our
> machines are ripe for exploitation in some nefarious way.
>
> > The traffic itself isn't
> > routed and so it is not being counted as usage towards your allocated
> > datacap,
> I'm very relieved to hear that!
>
> > and I recommend you configure your firewall to ignore/drop and
> > not log this BOOTP traffic.
> >
> > I got the same reply EXACTLY word for word sounds like an auto response.
> That proves quite conclusively that T/C know about this 'issue', but that
> they are unable to fix the problem. After all it's been going on for
> several months.
>
> > so now who do I send the bill for wasting my power logging this traffic
> > I don't need to see?
> That's a bit specious, because the actual incremental cost to you is so
> small as to be unmeasurable. As the man says you could install an
> iptables rule to drop the BOOTP traffic.
>
> Yes I do agree that they should fix the problem.
>
> The whole issue of this traffic would make for an interesting read in
> technology page of The Press would it not?

Why not do a write-up and submit it?

Wesley Parish

>
> --
> CS
>

"Sharpened hands are happy hands.
"Brim the tinfall with mirthful bands"
- A Deepness in the Sky, Vernor Vinge

"I me. Shape middled me. I would come out into hot!"
I from the spicy that day was overcasked mockingly - it's a symbol of the other horizon.
- emacs : meta x dissociated-press
