Re: Strange Packet logs in ipchains

["Vic Parat (NSS)" <vic.parat () nssecurity com>]

Seems like you have a dhcp client that cannot find the dhcp server.
> From Microsoft
(http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtech
nol/winxppro/proddocs/ras_config_incoming_tcpip.asp):
"If you select Assign TCP/IP addresses automatically using DHCP, but there
is no DHCP server available, random address from the range 169.254.0.1 to
169.254.255.254 are assigned. "

Vic Parat
----- Original Message -----
From: "Sam Dirk" <samdirk () online ie>
To: <security-basics () securityfocus com>
Sent: Tuesday, March 25, 2003 2:41 AM
Subject: Strange Packet logs in ipchains


> Hi All,
>
> Yesterday I noticed the following entry in logs:
>
> Packet log: input REJECT eth0 PROTO=17 169.254.208.158:137
> 169.254.255.255:137 L=96 S=0x00 I=3072 F=0x0
> 000 T=128 (#9)
>
> This occured only on our internal (10.10.x.x address) network. The packets
> were seen three times over the course of the day but lasted for only one -
> two seconds so it was impossible to get a tcpdump.
>
> In addition the source address was either 169.254.208.158 or
> 169.254.24.111. We don't use the above addresses on the network so am I
>
> -------------------------------------------------------------------
> SurfControl E-mail Filter puts the brakes on spam,
> viruses and malicious code. Safeguard your business
> critical communications. Download a free 30-day trial:
> http://www.surfcontrol.com/go/zsfsbl1


-------------------------------------------------------------------
SurfControl E-mail Filter puts the brakes on spam,
viruses and malicious code. Safeguard your business
critical communications. Download a free 30-day trial:
http://www.surfcontrol.com/go/zsfsbl1