[CentOS] OT: what are all these probes from my firewall log????

Fri Aug 17 03:27:27 UTC 2012
John R Pierce <pierce at hogranch.com>

On 08/16/12 7:01 PM, fred smith wrote:
> I'm getting a gazillion of these probes in my firewall logs. I don't
> understand what's going on here,... These all look like bootp requests
> from 10.21.72.1, to 255.255.255.255.
>
> there's certainly no 10.x.x.x here on this network, and I don't get the
> destination address... is it possible to send packets out onto the
> internet addressed like that?
>
> whois doesn't turn up anything on 10.21.72.1.
>
> Anybody got suggestions on how I'd track this down?
>
> Thanks!
>
>
> Aug 16 21:13:59 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=34040 PROTO=UDP <1>SPT=67 DPT=68 LEN=308
> Aug 16 21:14:45 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=34063 PROTO=UDP <1>SPT=67 DPT=68 LEN=308
> Aug 16 21:15:08 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=34075 PROTO=UDP <1>SPT=67 DPT=68 LEN=308
> ....

that looks like DHCP requests.  maybe there's some piece of network gear 
on your gateway LAN thats trying to get autoconfigured?.






-- 
john r pierce                            N 37, W 122
santa cruz ca                         mid-left coast