Nick Rout wrote:
On Tue, 28 Feb 2006 13:02:35 +1300
Christopher Sawtell wrote:
due to the shared nature of a cable network this activity is not
uncommon.
In other words, there is a widely distributed exploited vulnerability in
the server or modem software in the host numbered 172.20.18.55 on the
private network. This vulnerability allows the installation of a probing
robot which uses the BOOTP port to detect the presence of machines on the
network. It uses port 67 because ICMP requests are frequently filtered
out. I strongly suspect that the robot can also discover whether our
machines are ripe for exploitation in some nefarious way.
Or maybe it is simply a broken machine on their network looking for a
bootp server so it can boot up!
Isn't that how bootp works? it broadcasts for a bootp server?
thats how i see it, sure telstra can see
the by the information on Source and Destination packet information.
|
