On 08/16/12 7:01 PM, fred smith wrote: > I'm getting a gazillion of these probes in my firewall logs. I don't > understand what's going on here,... These all look like bootp requests > from 10.21.72.1, to 255.255.255.255. > > there's certainly no 10.x.x.x here on this network, and I don't get the > destination address... is it possible to send packets out onto the > internet addressed like that? > > whois doesn't turn up anything on 10.21.72.1. > > Anybody got suggestions on how I'd track this down? > > Thanks! > > > Aug 16 21:13:59 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=34040 PROTO=UDP <1>SPT=67 DPT=68 LEN=308 > Aug 16 21:14:45 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=34063 PROTO=UDP <1>SPT=67 DPT=68 LEN=308 > Aug 16 21:15:08 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=34075 PROTO=UDP <1>SPT=67 DPT=68 LEN=308 > .... that looks like DHCP requests. maybe there's some piece of network gear on your gateway LAN thats trying to get autoconfigured?. -- john r pierce N 37, W 122 santa cruz ca mid-left coast