Date: Tue, 6 Nov 2001 10:19:27 -0500 (EST)
From: Tim Wilde
To: Chris
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Have I been hacked?

> That is the problem. The IP addresses listed here are
> real. I have no machine with an IP of 0.0.0.0,68. It
> is going from my firewall to the inside of my
> network.
> It looks like something on the firewall is looking for
> a dhcp server. The IP 0.0.0.0 looks very suspicious
> to me.

I'm no expert on DHCP, but I'm relatively sure that'd be what a normal
DHCP request would look like - the box requesting a DHCP lease doesn't
have an IP address, so it sends its DHCP discovery packet off with a
source of 0.0.0.0 and a destination of 255.255.255.255 (the ethernet
broadcast, unless I'm mistaken), UDP port 67. If you don't have anything
that should be requesting a DHCP lease, that could be a problem, but if
you're running dhclient anywhere, it's probably normal.

Tim

-- 
Tim Wilde
twilde@dyndns.org
Systems Administrator
Dynamic DNS Network Services
http://www.dyndns.org/
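
An added example, not part of the original message: a Python check that decides whether a captured IPv4 packet is the kind of DHCP lease request discussed above, a DISCOVER sent from 0.0.0.0 port 68 to 255.255.255.255 port 67. The function names and the sample packet built by build_sample are constructed for illustration.

```python
import socket
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"  # RFC 2131 magic cookie that precedes the options
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
             5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}

def parse_dhcp(ip_packet: bytes):
    """Return (src, sport, dst, dport, msg_type) for a DHCP packet, else None."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        return None
    ihl = (ip_packet[0] & 0x0F) * 4              # IPv4 header length in bytes
    if ip_packet[9] != 17 or len(ip_packet) < ihl + 8 + 240:
        return None                              # not UDP, or too short for BOOTP
    src = socket.inet_ntoa(ip_packet[12:16])
    dst = socket.inet_ntoa(ip_packet[16:20])
    sport, dport = struct.unpack("!HH", ip_packet[ihl:ihl + 4])
    bootp = ip_packet[ihl + 8:]
    if {sport, dport} != {67, 68} or bootp[236:240] != DHCP_MAGIC:
        return None
    opts, i, msg = bootp[240:], 0, None
    while i < len(opts) and opts[i] != 255:      # 255 = end option
        if opts[i] == 0:                         # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(opts):                   # truncated option, stop parsing
            break
        code, length = opts[i], opts[i + 1]
        if code == 53 and length == 1 and i + 2 < len(opts):
            msg = MSG_TYPES.get(opts[i + 2])     # option 53 = DHCP message type
        i += 2 + length
    return src, sport, dst, dport, msg

def is_normal_discover(ip_packet: bytes) -> bool:
    """True for a lease request: 0.0.0.0:68 -> 255.255.255.255:67, type DISCOVER."""
    return parse_dhcp(ip_packet) == ("0.0.0.0", 68, "255.255.255.255", 67, "DISCOVER")

def build_sample(src="0.0.0.0", msg_type=1) -> bytes:
    """Constructed test packet; checksums are zero because the parser ignores them."""
    bootp = bytes([1, 1, 6, 0]) + b"\x00" * 24   # op, htype, hlen, hops, xid..giaddr
    bootp += bytes.fromhex("020000000001") + b"\x00" * 202  # made-up MAC, sname, file
    bootp += DHCP_MAGIC + bytes([53, 1, msg_type, 255])
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton("255.255.255.255"))
    return ip + udp
```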