 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
Hi, thanks for reading this. I just added a firewall rule that logs any attempt to spoof IP addresses. The rule logs any incoming traffic from RFC1918 (i.e., "detached network") addresses. I got a lot of packets like this in the log today. At first glance, it looks like someone is trying to connect a device that's setup for BOOTP, but the source port is 67, not 68. The only thing I can think of is that it's the cable company advertising DHCP services for the cable modems. Opinions? Jan 11 15:18:43 billhorne kernel: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:b0:8e:f5:10:54:08:00 SRC=10.219.216.1 DST=255.255.255.255 LEN=360 TOS=0x00 PREC=0x00 TTL=255 ID=24721 PROTO=UDP SPT=67 DPT=68 LEN=340 Bill
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
