Date: Tue, 6 Nov 2001 09:39:45 -0700
From: "Mike Roest" <bsd-lists@blahz.ab.ca>
To: "'Tim Wilde'" <twilde@dyndns.org>, "'Chris'" <cs052279@yahoo.com>
Cc: <freebsd-questions@FreeBSD.ORG>
Subject: RE: Have I been hacked?
Message-ID: <000501c166e1$a76bd020$1e5d4018@zeus>
In-Reply-To: <Pine.GSO.4.40.0111061017480.13169-100000@quartz.bos.dyndns.org>

Yep Tim,

That is what a regular DHCP request looks like. The most likely thing is that somewhere on the network that this machine is connected to, a comp is trying to get an IP via DHCP. Since DHCP requests go out on broadcast, any machine hooked to the same segment will see that request.

So there really isn't anything to worry about with this, Chris.

-----Original Message-----
From: owner-freebsd-questions@FreeBSD.ORG [mailto:owner-freebsd-questions@FreeBSD.ORG] On Behalf Of Tim Wilde
Sent: Tuesday, November 06, 2001 8:19 AM
To: Chris
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Have I been hacked?

> That is the problem. The IP addresses listed here are
> real. I have no machine with an IP of 0.0.0.0,68. It
> is going from my firewall to the inside of my
> network.
> It looks like something on the firewall is looking for
> a dhcp server. The IP 0.0.0.0 looks very suspicious
> to me.

I'm no expert on DHCP, but I'm relatively sure that'd be what a normal DHCP request would look like - the box requesting a DHCP lease doesn't have an IP address, so it sends its DHCP discovery packet off with a source of 0.0.0.0 and a destination of 255.255.255.255 (the ethernet broadcast, unless I'm mistaken), UDP port 67. If you don't have anything that should be requesting a DHCP lease, that could be a problem, but if you're running dhclient anywhere, it's probably normal.

Tim

--
Tim Wilde
twilde@dyndns.org
Systems Administrator
Dynamic DNS Network Services
http://www.dyndns.org/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
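
Added example (not part of the original thread and not written by its participants): a Python decoder for a captured DHCP payload, which reports the client MAC and host name behind the 0.0.0.0:68 to 255.255.255.255:67 broadcast discussed above, so the requesting machine can be identified. The function names and the sample packet (MAC `02:00:00:ab:cd:ef`, host name `laptop1`) are constructed for illustration.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # precedes the DHCP options (RFC 2131)
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
             5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}

def parse_dhcp(payload: bytes) -> dict:
    """Decode the UDP payload of a BOOTP/DHCP packet (ports 67/68)."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    hlen = payload[2]                      # hardware address length (6 for Ethernet)
    if hlen > 16:
        raise ValueError("bad hardware address length")
    info = {"client_mac": payload[28:28 + hlen].hex(":"),
            "msg_type": None, "hostname": None}
    i = 240                                # options start after the magic cookie
    while i < len(payload):
        code = payload[i]
        if code == 255:                    # end option
            break
        if code == 0:                      # pad option, no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        data = payload[i + 2:i + 2 + length]
        if len(data) != length:
            raise ValueError("truncated option")
        if code == 53 and length == 1:     # DHCP message type
            info["msg_type"] = MSG_TYPES.get(data[0], "UNKNOWN")
        elif code == 12:                   # client host name
            info["hostname"] = data.decode("ascii", "replace")
        i += 2 + length
    return info

def is_lease_request(src, sport, dst, dport, info) -> bool:
    """True for the pattern in the thread: an address-less client broadcasting."""
    return ((src, sport, dst, dport) == ("0.0.0.0", 68, "255.255.255.255", 67)
            and info["msg_type"] in ("DISCOVER", "REQUEST"))

def sample_discover() -> bytes:
    """Constructed sample packet: made-up MAC and host name."""
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 0, 0x12345678,
                        0, 0x8000, b"", b"", b"", b"",
                        bytes.fromhex("020000abcdef"), b"", b"")
    return fixed + MAGIC_COOKIE + bytes([53, 1, 1, 12, 7]) + b"laptop1" + b"\xff"

if __name__ == "__main__":
    info = parse_dhcp(sample_discover())
    print(info, is_lease_request("0.0.0.0", 68, "255.255.255.255", 67, info))
```

The MAC address it reports can be matched against the ARP table or switch port records to find the machine that is asking for a lease.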