[CentOS] OT: what are all these probes from my firewall log????

fred smith

fredex at fcshome.stoneham.ma.us
Fri Aug 17 02:01:14 UTC 2012


I'm getting a gazillion of these probes in my firewall logs. I don't
understand what's going on here... These all look like bootp requests
from 10.21.72.1 to 255.255.255.255.

There's certainly no 10.x.x.x here on this network, and I don't get the
destination address... Is it possible to send packets out onto the
internet addressed like that?

whois doesn't turn up anything on 10.21.72.1. 

Anybody got suggestions on how I'd track this down?

Thanks!


Aug 16 21:13:59 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=34040 PROTO=UDP <1>SPT=67 DPT=68 LEN=308 
Aug 16 21:14:45 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=34063 PROTO=UDP <1>SPT=67 DPT=68 LEN=308 
Aug 16 21:15:08 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=34075 PROTO=UDP <1>SPT=67 DPT=68 LEN=308 
Aug 16 21:15:46 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=34102 PROTO=UDP <1>SPT=67 DPT=68 LEN=308 
Aug 16 21:16:00 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=348 TOS=0x00 PREC=0x00 TTL=255 ID=34114 PROTO=UDP <1>SPT=67 DPT=68 LEN=328 
Aug 16 21:16:40 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=34139 PROTO=UDP <1>SPT=67 DPT=68 LEN=308 
Aug 16 21:16:45 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=348 TOS=0x00 PREC=0x00 TTL=255 ID=34149 PROTO=UDP <1>SPT=67 DPT=68 LEN=328 
Aug 16 21:16:47 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=34152 PROTO=UDP <1>SPT=67 DPT=68 LEN=308 
Aug 16 21:17:05 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=348 TOS=0x00 PREC=0x00 TTL=255 ID=34175 PROTO=UDP <1>SPT=67 DPT=68 LEN=328 
Aug 16 21:17:07 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=348 TOS=0x00 PREC=0x00 TTL=255 ID=34178 PROTO=UDP <1>SPT=67 DPT=68 LEN=328 
Aug 16 21:17:08 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=348 TOS=0x00 PREC=0x00 TTL=255 ID=34181 PROTO=UDP <1>SPT=67 DPT=68 LEN=328 
Aug 16 21:17:08 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=348 TOS=0x00 PREC=0x00 TTL=255 ID=34183 PROTO=UDP <1>SPT=67 DPT=68 LEN=328 
Aug 16 21:17:16 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=34188 PROTO=UDP <1>SPT=67 DPT=68 LEN=308 
Aug 16 21:17:49 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=34210 PROTO=UDP <1>SPT=67 DPT=68 LEN=308 
Aug 16 21:18:27 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=411 TOS=0x00 PREC=0x00 TTL=255 ID=34243 PROTO=UDP <1>SPT=67 DPT=68 LEN=391 
Aug 16 21:18:27 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=411 TOS=0x00 PREC=0x00 TTL=255 ID=34248 PROTO=UDP <1>SPT=67 DPT=68 LEN=391 
Aug 16 21:18:31 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=34253 PROTO=UDP <1>SPT=67 DPT=68 LEN=308 
Aug 16 21:18:33 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=34255 PROTO=UDP <1>SPT=67 DPT=68 LEN=308 
Aug 16 21:18:33 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=348 TOS=0x00 PREC=0x00 TTL=255 ID=34257 PROTO=UDP <1>SPT=67 DPT=68 LEN=328 
Aug 16 21:18:33 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=348 TOS=0x00 PREC=0x00 TTL=255 ID=34259 PROTO=UDP <1>SPT=67 DPT=68 LEN=328 
Aug 16 21:18:41 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=34271 PROTO=UDP <1>SPT=67 DPT=68 LEN=308 
Aug 16 21:18:50 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=34280 PROTO=UDP <1>SPT=67 DPT=68 LEN=308 
Aug 16 21:19:11 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=34293 PROTO=UDP <1>SPT=67 DPT=68 LEN=308 
Aug 16 21:19:12 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=34295 PROTO=UDP <1>SPT=67 DPT=68 LEN=308 
Aug 16 21:19:42 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=348 TOS=0x00 PREC=0x00 TTL=255 ID=34306 PROTO=UDP <1>SPT=67 DPT=68 LEN=328 
Aug 16 21:19:51 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=34315 PROTO=UDP <1>SPT=67 DPT=68 LEN=308 
Aug 16 21:20:53 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=34359 PROTO=UDP <1>SPT=67 DPT=68 LEN=308 
Aug 16 21:21:04 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=34361 PROTO=UDP <1>SPT=67 DPT=68 LEN=308 
Aug 16 21:21:25 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=348 TOS=0x00 PREC=0x00 TTL=255 ID=34385 PROTO=UDP <1>SPT=67 DPT=68 LEN=328 
-- 
---- Fred Smith -- fredex at fcshome.stoneham.ma.us -----------------------------
  "For him who is able to keep you from falling and to present you before his 
 glorious presence without fault and with great joy--to the only God our Savior
 be glory, majesty, power and authority, through Jesus Christ our Lord, before
                     all ages, now and forevermore! Amen."
----------------------------- Jude 1:24,25 (niv) -----------------------------
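
An added example, not part of the original post: a small parser for netfilter log lines in the format quoted above. It splits the MAC= field (destination MAC, source MAC, EtherType) so the sending device can be identified on the local segment, and counts UDP 67 -> 68 broadcasts (the DHCP/BOOTP server-to-client direction) per sender. The function names and the third sample line are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# First two lines are copied from the post; the third is a constructed,
# unrelated TCP drop using documentation addresses.
SAMPLE_LOG = """\
Aug 16 21:13:59 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=34040 PROTO=UDP <1>SPT=67 DPT=68 LEN=308
Aug 16 21:16:00 kernel: DROP <4>DROPIN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:eb:77:71:d9:08:00 <1>SRC=10.21.72.1 DST=255.255.255.255 <1>LEN=348 TOS=0x00 PREC=0x00 TTL=255 ID=34114 PROTO=UDP <1>SPT=67 DPT=68 LEN=328
Aug 16 21:16:02 kernel: DROP <4>DROPIN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 <1>SRC=198.51.100.7 DST=192.0.2.10 <1>LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1 PROTO=TCP <1>SPT=40000 DPT=22
"""

# Only the fields needed here; matching by name also skips the "<1>" level
# markers and the log prefix glued onto "IN=".
FIELD = re.compile(r"(MAC|SRC|DST|PROTO|SPT|DPT)=(\S*)")

def parse_line(line):
    """Return the selected fields plus DST_MAC/SRC_MAC, or None if unparsable."""
    f = dict(FIELD.findall(line))
    if not {"MAC", "SRC", "DST", "PROTO"} <= f.keys():
        return None
    octets = f["MAC"].split(":")
    if len(octets) != 14:  # Ethernet: 6 dst + 6 src + 2 EtherType bytes
        return None
    f["DST_MAC"] = ":".join(octets[:6])
    f["SRC_MAC"] = ":".join(octets[6:12])
    return f

def is_dhcp_server_broadcast(f):
    """UDP from port 67 to port 68, sent to the limited broadcast address."""
    return (f["PROTO"] == "UDP" and f.get("SPT") == "67"
            and f.get("DPT") == "68" and f["DST"] == "255.255.255.255")

def dhcp_senders(log_text):
    """Count DHCP server broadcasts per (source MAC, source IP), busiest first."""
    counts = Counter()
    for line in log_text.splitlines():
        f = parse_line(line)
        if f and is_dhcp_server_broadcast(f):
            counts[(f["SRC_MAC"], f["SRC"])] += 1
    return [{"src_mac": mac, "src_ip": ip, "packets": n,
             "private_src": ipaddress.ip_address(ip).is_private}
            for (mac, ip), n in counts.most_common()]

if __name__ == "__main__":
    for sender in dhcp_senders(SAMPLE_LOG):
        print(sender)
```

Packets addressed to 255.255.255.255 are not forwarded by routers, so the source MAC reported here belongs to a device on the same layer-2 segment as eth0.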


