-
weird messages
Hi all, I'm using the mdk8.2 distro and doing NAT on a local network, and I'm getting this annoying message, which is logged 3 seconds apart, and my /var/log/syslog is way bigger than it is supposed to be. Can anyone help me with what service the firewall is denying?
Sorry if the information is sparse, thanks in advance.
Packet log: i_eth0 DENY eth0 PROTO=17 10.18.0.1:67 255.255.255.255:68 L=328 S=0x00 I=65493 F=0x0000 T=255 (#12)
Packet log: i_eth0 DENY eth0 PROTO=17 10.18.0.1:67 255.255.255.255:68 L=328 S=0x00 I=65495 F=0x0000 T=255 (#12)
Packet log: i_eth0 DENY eth0 PROTO=17 10.18.0.1:67 255.255.255.255:68 L=328 S=0x00 I=65504 F=0x0000 T=255 (#12)
Packet log: i_eth0 DENY eth0 PROTO=17 10.18.0.1:67 255.255.255.255:68 L=328 S=0x00 I=65515 F=0x0000 T=255 (#12
-
mdk? Isn't that a videogame? I thought they were only on version 3 or something.
Go to services.antionline.com or point an IRC client to irc.antionline.com. There are a few people in there that really know their firewall/ids crap. Ask for nnn/etch911/mrwall, whatever he is going by these days.
Also, check the firewall/ids forum.
-
I think he means Mandrake Linux 8.2.
-
Well, I guess that the problem is somehow related to the BOOTP protocol and DHCP server/client, isn't that so? Any clues?
-
Quote:
Originally posted here by souleman
mdk? Isn't that a videogame? I thought they were only on version 3 or something.
Go to services.antionline.com or point an IRC client to irc.antionline.com. There are a few people in there that really know their firewall/ids crap. Ask for nnn/etch911/mrwall, whatever he is going by these days.
Also, check the firewall/ids forum.
LOL !!!!!!!!
You play video games too much! Of course MDK is a video game, but here we're talking about *nix, so it MUST be something else! ;-)
mdk are the initials of ManDraKe, and the newest version is 8.2... got it???
lol again...
-
DHCP, methinks...
DHCP uses UDP as its transport protocol. The client sends messages to the server on port 67. The server sends messages to the client on port 68.
PROTO = 17 specifies UDP. I think TCP is 7. Looks like the client is sending requests to the server for an IP address (through DHCP).
<guess> The first part is the client sending a request to the server for an IP. The second part is the server (trying) responding to the client with a suggested IP. I presume this is 255.255.255.255 as the client doesn't yet have an IP, so this has to be a broadcast of some kind. </guess>
-
This traffic is entirely harmless. I'm assuming that you're either on a cable modem or you're using DHCP on your LAN. As steeld said, DHCP uses these ports to assign IP addresses. And since DHCP uses a concept similar to a lease, your computer has to renew its "lease" every so often. So when your computer is nearing the end of its lease, it will contact the DHCPD server and say "My MAC address is XX:XX:XX:XX:XX:XX and I need a new IP address." Then the DHCP server will send out a broadcast, which says something like this: "MAC XX:XX:XX:XX:XX:XX:XX, I got your request and here is the IP address I have for you."
The reason DHCP uses 255.255.255.255 is so that it works equally well for computers that are joining the network and have no IP address. Obviously, the computer has no IP address yet, so it just listens for broadcasts with its MAC address to learn of its new IP address. I hope this helps clarify a bit.
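
An added example, not part of any post in this thread: a small Python parser that reads the "Packet log:" lines from the first post and groups the denied packets by rule, endpoints and port pair, so the repeated entries show up as one DHCP/BOOTP flow. The field meanings in the comments (chain, action, interface, L= length, T= TTL, `(#N)` rule number) are assumptions about the log layout; all function names are made up for this example.

```python
import re
from collections import Counter

# The four log lines from the first post, copied as posted (the last one is cut short).
SAMPLE = """\
Packet log: i_eth0 DENY eth0 PROTO=17 10.18.0.1:67 255.255.255.255:68 L=328 S=0x00 I=65493 F=0x0000 T=255 (#12)
Packet log: i_eth0 DENY eth0 PROTO=17 10.18.0.1:67 255.255.255.255:68 L=328 S=0x00 I=65495 F=0x0000 T=255 (#12)
Packet log: i_eth0 DENY eth0 PROTO=17 10.18.0.1:67 255.255.255.255:68 L=328 S=0x00 I=65504 F=0x0000 T=255 (#12)
Packet log: i_eth0 DENY eth0 PROTO=17 10.18.0.1:67 255.255.255.255:68 L=328 S=0x00 I=65515 F=0x0000 T=255 (#12
"""

# Assumed field layout: chain, action, interface, IP protocol number,
# source and destination address:port, L=length, T=TTL, (#rule number).
LINE_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) .*?T=(?P<ttl>\d+)(?: \(#(?P<rule>\d+))?"
)
INT_FIELDS = ("proto", "sport", "dport", "length", "ttl", "rule")

def parse_line(line):
    """Return the fields of one packet-log line as a dict, or None if it does not match."""
    m = LINE_RE.search(line)  # search() tolerates a syslog timestamp/host prefix
    if not m:
        return None
    rec = m.groupdict()
    for key in INT_FIELDS:
        rec[key] = int(rec[key]) if rec[key] is not None else None
    return rec

def classify(rec):
    """Label the flow by protocol and port pair (UDP is IP protocol 17)."""
    if rec["proto"] == 17 and (rec["sport"], rec["dport"]) == (67, 68):
        return "DHCP/BOOTP server -> client"
    if rec["proto"] == 17 and (rec["sport"], rec["dport"]) == (68, 67):
        return "DHCP/BOOTP client -> server"
    return "other"

def summarize(text):
    """Count denied packets per (rule, source, destination, label)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec and rec["action"] == "DENY":
            counts[(rec["rule"], rec["src"], rec["dst"], classify(rec))] += 1
    return counts

if __name__ == "__main__":
    for (rule, src, dst, label), n in summarize(SAMPLE).most_common():
        print(f"rule #{rule}: {n} x {src} -> {dst} [{label}]")
```

Run against the real /var/log/syslog, the same summary shows whether rule #12 accounts for the log growth or whether other denied flows are mixed in.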