Security Incidents mailing list archives

Odd entries in my Security Router logs

From: Julian Young <julian.young () nl compuware com>
Date: 09 Dec 2002 10:37:47 +0100

I keep seeing these entry in my external routers log files.  Does any
one recognize theme and know what type of attack they are. ok is
obviously something to do with DHCP.   but i recently had  a firewall 
compromised  and i still don't know how.  since that wall had dhcp open
I wounder if this could have been the trick. 

I has left the ip number as they are since none of them belong to me or
in any range i use ! 

#   Time        Packet Information                             
Reason            Action
  1|Dec  8 02 |From:192.168.7.249   To:192.168.255.254 |match          
|block  
   | 09:37:12 |UDP     src port:00068 dest port:00067  |service deny   
|      
  2|Dec  8 02 |From:192.168.8.250   To:192.168.255.254 |match          
|block  
   | 09:37:12 |UDP     src port:00068 dest port:00067  |service deny   
|      
  3|Dec  8 02 |From:192.168.7.249   To:192.168.255.254 |match          
|block  
   | 15:45:32 |UDP     src port:00068 dest port:00067  |service deny   
|      




----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

A small quandary Mahoney, Paul (Dec 05)
- RE: A small quandary Jerry Shenk (Dec 08)
- RE: A small quandary Rob Shein (Dec 08)
- Re: A small quandary H C (Dec 08)
  - RE: A small quandary Bojan Zdrnja (Dec 09)
- Re: A small quandary Mike Katz (Dec 08)
- Re: A small quandary gminick (Dec 08)
- Odd entries in my Security Router logs Julian Young (Dec 09)