[CS-FSLUG] Net-bios/file-sharing "attack"
Ed Hurst
ehurst at asisaid.com
Wed Oct 12 16:24:06 CDT 2005
Stephen J. McCracken wrote:
>>Oct 11 22:24:40 crunch kernel: ipfw: 900 Deny UDP 192.168.1.64:138
>>192.168.1.255:138 in via rl0
>>Oct 12 07:59:36 crunch kernel: ipfw: 900 Deny UDP 192.168.1.64:68
>>255.255.255.255:67 in via rl0
>
> Ports 67 & 68 are for DHCP and therefore need to be broadcast much
> "wider" as it can't know the network it's on before receiving its ip
> address.
Okay, but why the high frequency? It's had the same IP address for the
past two days, and the queries are repeated at least every 15 minutes,
and often several times in rapid succession. I can't determine for
certain, but I doubt my own machine is doing that. I believe it only
broadcasts such requests when it fails to connect in the normal fashion.
--
Ed Hurst
-----------
Applied Bible -- http://ed.asisaid.com/bible/index.html
Plain & Simple Computer Help -- http://ed.asisaid.com/
Plain Package blog -- http://ed.asisaid.com/blog/
More information about the Christiansource
mailing list