[CentOS] OT: what are all these probes from my firewall log????

Lamar Owen lowen at pari.edu
Sat Aug 25 12:41:26 UTC 2012


On Saturday, August 18, 2012 11:01:26 AM fred smith wrote:
> On Sat, Aug 18, 2012 at 09:20:56AM -0500, Robert Nichols wrote:
> > On 08/16/2012 11:06 PM, fred smith wrote:
> > > hmm... just did traceroute 10.21.72.1 and it comes back as being a
> > > system at my ISP. that doesn't seem right to me. they shouldn't be
> > > broadcasting such stuff, as far as I know, at least.

> > Those are BOOTP responses from your ISP's DHCP server to clients requesting
> > an IP address.  They have to be broadcast because the client does not yet
> > have an IP address. 

> that implies that there are a WHOLE LOT of systems served by this provider
> that are doing dhcp requests, given the volume of these things I'm seeing.
> they're arriving at rates ranging from 4-5 a second, to 1-2 a minute,
> mostly in the one every 1-5 seconds rate.

Welcome to NAT444.  Aka 'double-NAT' or 'carrier-grade NAT' where your connection's WAN port is further NATted at the ISP's border router, and the ISP itself is using RFC 1918 space and minimal publicly routable IP addresses.

There was a special IPv4 address block allocated for this purpose relatively recently; discussion can be found in the NANOG mailing list archives.....


