Re: Strange Packet logs in ipchains

["Paris Stone" <paris () ciscoinstructor net>]

Google up on Microsoft APIPA address.  Basically a workstation is setup for DHCP
but didn't get an address assigned to it for some reason(timeout).  It
automagically configures it's self to the M$ reserved class B 169.254.x.x address
without a gateway.

Sam Dirk (samdirk () online ie) wrote:
> Hi All,
>
> Yesterday I noticed the following entry in logs:
>
> Packet log: input REJECT eth0 PROTO=17 169.254.208.158:137
> 169.254.255.255:137 L=96 S=0x00 I=3072 F=0x0
> 000 T=128 (#9)
>
> This occured only on our internal (10.10.x.x address) network. The packets
> were seen three times over the course of the day but lasted for only one -
> two seconds so it was impossible to get a tcpdump.
>
> In addition the source address was either 169.254.208.158 or
> 169.254.24.111. We don't use the above addresses on the network so am I
>
> -------------------------------------------------------------------
> SurfControl E-mail Filter puts the brakes on spam,
> viruses and malicious code. Safeguard your business
> critical communications. Download a free 30-day trial:
> http://www.surfcontrol.com/go/zsfsbl1

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Paris Stone
CISSP, CCNP, CNE/CNI, MCSE/MCT,
Master CIW Administrator, CIW Security Analyst, NSA
A+, Network+, iNet+
http://www.ciscoinstructor.net/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"The rich man is not the one with the most, but the one who needs the least"



-------------------------------------------------------------------
SurfControl E-mail Filter puts the brakes on spam,
viruses and malicious code. Safeguard your business
critical communications. Download a free 30-day trial:
http://www.surfcontrol.com/go/zsfsbl1