I'm getting a gazillion of these probes in my firewall logs. I don't understand what's going on here... These all look like bootp requests from 10.21.72.1, to 255.255.255.255.
There's certainly no 10.x.x.x here on this network, and I don't get the destination address... Is it possible to send packets out onto the internet addressed like that?
whois doesn't turn up anything on 10.21.72.1.
Anybody got suggestions on how I'd track this down?
Thanks!
Aug 16 21:13:59 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=34040 PROTO=UDP <1>SPT=67 DPT=68 LEN=308
Aug 16 21:14:45 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=34063 PROTO=UDP <1>SPT=67 DPT=68 LEN=308
Aug 16 21:15:08 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=34075 PROTO=UDP <1>SPT=67 DPT=68 LEN=308
Aug 16 21:15:46 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=34102 PROTO=UDP <1>SPT=67 DPT=68 LEN=308
Aug 16 21:16:00 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=348 TOS=0x00 PREC=0x00 TTL=255 ID=34114 PROTO=UDP <1>SPT=67 DPT=68 LEN=328
Aug 16 21:16:40 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=34139 PROTO=UDP <1>SPT=67 DPT=68 LEN=308
Aug 16 21:16:45 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=348 TOS=0x00 PREC=0x00 TTL=255 ID=34149 PROTO=UDP <1>SPT=67 DPT=68 LEN=328
Aug 16 21:16:47 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=34152 PROTO=UDP <1>SPT=67 DPT=68 LEN=308
Aug 16 21:17:05 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=348 TOS=0x00 PREC=0x00 TTL=255 ID=34175 PROTO=UDP <1>SPT=67 DPT=68 LEN=328
Aug 16 21:17:07 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=348 TOS=0x00 PREC=0x00 TTL=255 ID=34178 PROTO=UDP <1>SPT=67 DPT=68 LEN=328
Aug 16 21:17:08 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=348 TOS=0x00 PREC=0x00 TTL=255 ID=34181 PROTO=UDP <1>SPT=67 DPT=68 LEN=328
Aug 16 21:17:08 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=348 TOS=0x00 PREC=0x00 TTL=255 ID=34183 PROTO=UDP <1>SPT=67 DPT=68 LEN=328
Aug 16 21:17:16 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=34188 PROTO=UDP <1>SPT=67 DPT=68 LEN=308
Aug 16 21:17:49 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=34210 PROTO=UDP <1>SPT=67 DPT=68 LEN=308
Aug 16 21:18:27 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=411 TOS=0x00 PREC=0x00 TTL=255 ID=34243 PROTO=UDP <1>SPT=67 DPT=68 LEN=391
Aug 16 21:18:27 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=411 TOS=0x00 PREC=0x00 TTL=255 ID=34248 PROTO=UDP <1>SPT=67 DPT=68 LEN=391
Aug 16 21:18:31 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=34253 PROTO=UDP <1>SPT=67 DPT=68 LEN=308
Aug 16 21:18:33 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=34255 PROTO=UDP <1>SPT=67 DPT=68 LEN=308
Aug 16 21:18:33 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=348 TOS=0x00 PREC=0x00 TTL=255 ID=34257 PROTO=UDP <1>SPT=67 DPT=68 LEN=328
Aug 16 21:18:33 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=348 TOS=0x00 PREC=0x00 TTL=255 ID=34259 PROTO=UDP <1>SPT=67 DPT=68 LEN=328
Aug 16 21:18:41 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=34271 PROTO=UDP <1>SPT=67 DPT=68 LEN=308
Aug 16 21:18:50 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=34280 PROTO=UDP <1>SPT=67 DPT=68 LEN=308
Aug 16 21:19:11 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=34293 PROTO=UDP <1>SPT=67 DPT=68 LEN=308
Aug 16 21:19:12 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=34295 PROTO=UDP <1>SPT=67 DPT=68 LEN=308
Aug 16 21:19:42 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=348 TOS=0x00 PREC=0x00 TTL=255 ID=34306 PROTO=UDP <1>SPT=67 DPT=68 LEN=328
Aug 16 21:19:51 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=34315 PROTO=UDP <1>SPT=67 DPT=68 LEN=308
Aug 16 21:20:53 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=34359 PROTO=UDP <1>SPT=67 DPT=68 LEN=308
Aug 16 21:21:04 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=34361 PROTO=UDP <1>SPT=67 DPT=68 LEN=308
Aug 16 21:21:25 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=348 TOS=0x00 PREC=0x00 TTL=255 ID=34385 PROTO=UDP <1>SPT=67 DPT=68 LEN=328
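
An added example, not part of the original post: a Python parser for the log format above that splits run-together entries, takes the sender's hardware address out of the netfilter `MAC=` field (destination MAC, source MAC, EtherType) and labels the traffic by ports and addresses. The sample is two entries from the post; the function and field names are this example's own.

```python
import ipaddress
import re
from collections import Counter

# Two entries from the post's log, rebuilt from one template and joined on a
# single line the way they appear there.
ENTRY = ("Aug 16 {t} kernel: DROP <4>DROPIN=eth0 OUT= "
         "MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 "
         "DST=255.255.255.255 <1>LEN={n} TOS=0x00 PREC=0x00 TTL=255 ID={i} "
         "PROTO=UDP <1>SPT=67 DPT=68 LEN={u}")
SAMPLE = " ".join(ENTRY.format(t=t, n=n, i=i, u=u) for t, n, i, u in
                  [("21:13:59", 328, 34040, 308), ("21:16:00", 348, 34114, 328)])

# Zero-width split point in front of every syslog timestamp.
STAMP = re.compile(r"(?=[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d kernel:)")
PORTS = {(67, 68): "dhcp-server-reply", (68, 67): "dhcp-client-request"}

def parse(text):
    """Yield one dict per log entry, even when several entries share a line."""
    for entry in STAMP.split(text):
        fields = dict(re.findall(r"(\w+)=(\S*)", entry))
        if not {"MAC", "SRC", "DST"} <= fields.keys():
            continue
        octets = fields["MAC"].split(":")
        if len(octets) != 14:          # dst MAC (6) + src MAC (6) + EtherType (2)
            continue
        yield {
            "src_mac": ":".join(octets[6:12]),
            "l2_broadcast": octets[:6] == ["ff"] * 6,
            "src_ip": fields["SRC"],
            "dst_ip": fields["DST"],
            "ports": (int(fields.get("SPT", 0)), int(fields.get("DPT", 0))),
        }

def label(e):
    """Return (traffic kind, is limited broadcast, source is a private address)."""
    kind = PORTS.get(e["ports"], "other")
    limited = e["l2_broadcast"] and e["dst_ip"] == "255.255.255.255"
    private = ipaddress.ip_address(e["src_ip"]).is_private
    return kind, limited, private

def summarize(text):
    """Count entries per (sender MAC, source IP, kind, limited, private)."""
    return Counter((e["src_mac"], e["src_ip"]) + label(e) for e in parse(text))

if __name__ == "__main__":
    for key, count in summarize(SAMPLE).items():
        print(count, *key)
```

Routers do not forward a limited broadcast to 255.255.255.255, so the sender MAC reported here belongs to a device on the same segment as eth0 and is the value to look up in a switch or modem address table.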