-
bootps on xp home
Alert 4/27/2002 9:00:17 IP Filter This one time, the user has chosen to "block" communications. Details:
Inbound UDP packet
Local address,service is (255.255.255.255,bootps(67))
Remote address,service is (0.0.0.0,bootpc(68))
Process name is "N/A"
I am like, duh, what is trying to connect?
A lot of French information that I found and it all says
block it, but what actually is IT?
-
Hm. I googled this and found out it was a BootStrap Protocol Server.
bootps 67/tcp Bootstrap Protocol Server
bootps 67/udp Bootstrap Protocol Server
bootpc 68/tcp Bootstrap Protocol Client
bootpc 68/udp Bootstrap Protocol Client
I searched Google some more and found out that this is in fact a Trojan horse. To get rid of this, go to Start > Run > msconfig > Startup and uncheck bootps. If it isn't there, go to the Services tab and find it there.
-
UDP port 67 is indeed for bootstrap, and it is NOT a trojan...
Actually, bootstrap itself is not much used and is replaced with (what you will probably recognize) DHCP. DHCP also runs on port 67 (it's an evolution of bootstrap).
Seeing that the remote address is 0.0.0.0, it sounds like a legit DHCP request broadcast...
Ammo
-
If your machine has "obtain IP address automatically", your NIC will broadcast a UDP packet to anything listening on the bootp/dhcp port (67) and look for the handshake that will allow a responding server to hand off an available IP address. Bootp is hardcoded while DHCP is dynamic.
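
Added example, not part of the original thread: one way to confirm that a packet like the one in the alert (0.0.0.0:68 to 255.255.255.255:67) really is a DHCP client broadcast is to parse its UDP payload as BOOTP and read DHCP option 53. The function names, verdict strings, MAC address and sample packet below are constructed for illustration.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # RFC 2131: marks the start of DHCP options
DHCP_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def parse_bootp(payload):
    """Parse a BOOTP/DHCP UDP payload; raise ValueError if it is malformed."""
    if len(payload) < 236:                       # fixed BOOTP header size
        raise ValueError("too short for BOOTP")
    op, _htype, hlen = struct.unpack("!BBB", payload[:3])
    if op not in (1, 2) or hlen > 16:
        raise ValueError("bad op or hardware address length")
    mac = ":".join(f"{b:02x}" for b in payload[28:28 + hlen])
    info = {"request": op == 1, "mac": mac, "dhcp_type": None}
    opts = payload[236:]
    if opts[:4] != MAGIC_COOKIE:                 # plain BOOTP, no DHCP options
        return info
    i = 4
    while i < len(opts) and opts[i] != 255:      # 255 = end option
        if opts[i] == 0:                         # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(opts) or i + 2 + opts[i + 1] > len(opts):
            raise ValueError("truncated option")
        code, length = opts[i], opts[i + 1]
        if code == 53 and length == 1:           # option 53 = DHCP message type
            info["dhcp_type"] = DHCP_TYPES.get(opts[i + 2], "OTHER")
        i += 2 + length
    return info

def classify(src, sport, dst, dport, payload):
    """Verdict for a UDP packet shaped like the firewall alert in the thread."""
    if (sport, dport) != (68, 67):
        return "not client-to-server BOOTP/DHCP"
    try:
        info = parse_bootp(payload)
    except ValueError as err:
        return f"suspicious: port 67 payload is not BOOTP ({err})"
    if not info["request"]:
        return "suspicious: BOOTREPLY sent to the server port"
    kind = info["dhcp_type"] or "BOOTP request"
    scope = "broadcast" if (src, dst) == ("0.0.0.0", "255.255.255.255") else "unicast"
    return f"expected: {scope} {kind} from {info['mac']}"

# Constructed sample: a DHCPDISCOVER from a made-up MAC 02:00:00:00:00:01.
SAMPLE = (struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x1234ABCD, 0, 0x8000) + bytes(16)
          + bytes.fromhex("020000000001") + bytes(10) + bytes(192)
          + MAGIC_COOKIE + b"\x35\x01\x01" + b"\xff")

if __name__ == "__main__":
    print(classify("0.0.0.0", 68, "255.255.255.255", 67, SAMPLE))
```

The MAC address in the verdict identifies which machine on the LAN sent the broadcast.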