Security Incidents mailing list archives
Re: UDP port 137 packets sent to 70.255.224.194 (and to otherhosts/nets as well)
From: Andrew Frith <AndrewF () GATEWAY BM>
Date: Thu, 31 Aug 2000 10:01:50 -0300
I believe this came up a while back on this list. The 169.254.0.0/16 addresses are automagically assigned by Win98 if it doesn't have an IP address & a DHCP server cannot be located (haven't checked if Win2K does this). What sometimes happens with a machine having a NIC & a dial-up is that Win98 will get confused. When doing NetBIOS lookups it will send them via all available addresses. Including unroutable ones. I doubt it's spoofed or malicious, just somebody dialed into their ISP with an unconfigured NIC. Just Windows trying to be intelligent.
Pavel Lozhkin <pauel () BALAKOVO RU> 08/30/00 02:07AM >>>

169.254.0.0/16 is reserved for auto-configuration of local addresses in networks where no DHCP server is found[1]. That block is not (or at least should not be) routed over the internet backbones[2]. Any traffic from 169.254.0.0/16 is either from your local network, or forged--and either way, complaining to IANA or ISI is a waste of their time.

Thanks. I did not know it. Seems I have read this in the RFC for the DHCPD and already forgot. But this traffic is external for me and incoming from other nets, not mine - it is exactly. This traffic was denied by EXTERNAL firewall with my router. Any ideas? Is it fake UDP source?

--
** The hedgehog is a proud bird, he does not fly without kick **
Pauel
System administrator
ICQ UIN 39596913 8990192
Phone (7-84570)-52525 (7-84570)-40658
Unix is like a wigwam -- no Gates, no Windows, and an Apache inside.
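
The check discussed in this thread, as an added example that is not part of the original messages: flag packets arriving on an external interface with a source in 169.254.0.0/16, and separate UDP port 137 name lookups from any other traffic using that block. The log format, the interface names `ext0`/`int0`, and the sample lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")  # auto-configuration block from the thread
NETBIOS_NS = 137                                      # UDP port from the thread subject

# Constructed log format (an assumption, not any real firewall's output):
#   <iface> <proto> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <action>
LINE_RE = re.compile(
    r"^(?P<iface>\S+) (?P<proto>\S+) (?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) (?P<action>\S+)$"
)

# Constructed sample lines; destinations use documentation address space.
SAMPLE_LOG = """\
ext0 udp 169.254.12.7:137 -> 192.0.2.10:137 deny
ext0 udp 169.254.12.7:137 -> 192.0.2.10:137 deny
ext0 udp 169.254.80.3:1025 -> 192.0.2.10:53 deny
ext0 udp 198.51.100.4:137 -> 192.0.2.10:137 deny
int0 udp 169.254.5.5:137 -> 169.254.255.255:137 allow
ext0 tcp garbage line
"""


def classify(line, external=("ext0",)):
    """Return (src, label) for a link-local source seen on an external interface, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # unparseable lines are skipped, not guessed at
    try:
        src = ipaddress.ip_address(m["src"])
    except ValueError:
        return None  # digits and dots that are not a valid IPv4 address
    if m["iface"] not in external or src not in LINK_LOCAL:
        return None  # link-local traffic on the inside interface is expected
    if m["proto"] == "udp" and int(m["dport"]) == NETBIOS_NS:
        return (m["src"], "netbios-leak")   # fits the stray NetBIOS lookup described in the reply
    return (m["src"], "link-local-other")   # unroutable source, not a name lookup: look closer


def summarize(log):
    """Count flagged packets per (source, label)."""
    return Counter(hit for hit in map(classify, log.splitlines()) if hit)


if __name__ == "__main__":
    for (src, label), n in summarize(SAMPLE_LOG).items():
        print(src, label, n)
```
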