Re: UDP port 137 packets sent to 70.255.224.194 (and to otherhosts/nets as well)

[Andrew Frith <AndrewF () GATEWAY BM>]

I believe this came up a while back on this list.

The 169.254.0.0/16 addresses are automagically assigned by Win98 if it doesn't have an IP address & a DHCP server 
cannot be located (haven't checked if Win2K does this).  What sometimes happens with a machine having a NIC & a dial-up 
is that Win98 will get confused.  When doing NetBIOS lookups it will send them via all available addresses.  Including 
unroutable ones.  I doubt it's spoofed or malicious, just somebody dialed into their ISP with an unconfigured NIC.  
Just Windows trying to be intelligent.

> > > Pavel Lozhkin <pauel () BALAKOVO RU> 08/30/00 02:07AM >>>
>
> 169.254.0.0/16 is reserved for auto-configuration of local addresses
> in networks where no DHCP server is found[1].  That block is not (or
> at least should not) be routed over the internet backbones[2].  Any
> traffic from 169.254.0.0/16 is either from your local network, or
> forged--and either way, complaining to IANA or ISI is a waste of their
> time.

Thanks.I did not know it
Seems,i have read this in the RFC for the DHCPD and already forget

But this traffic is external for me and income from other nets,not mine - it is
exactly.This traffic was denied by EXTERNAL firewall with my router.
Any ideas ? is it fake UDP source ?


--
** The hedgehog is a proud bird, he does not fly without kick **

Pauel
System administrator
ICQ UIN 39596913 8990192
Phone (7-84570)-52525
      (7-84570)-40658

Unix is like a wigwam -- no Gates, no Windows, and an Apache inside.