Re: OT: what are all these probes from my firewall log????




On Saturday, August 18, 2012 11:01:26 AM fred smith wrote:
> On Sat, Aug 18, 2012 at 09:20:56AM -0500, Robert Nichols wrote:
> > On 08/16/2012 11:06 PM, fred smith wrote:
> > > hmm... just did traceroute 10.21.72.1 and it comes back as being a
> > > system at my ISP. that doesn't seem right to me. they shouldn't be
> > > broadcasting such stuff, as far as I know, at least.

> > Those are BOOTP responses from your ISP's DHCP server to clients requesting
> > an IP address.  They have to be broadcast because the client does not yet
> > have an IP address. 

> that implies that there are a WHOLE LOT of systems served by this provider
> that are doing dhcp requests, given the volume of these things I'm seeing.
> they're arriving at rates ranging from 4-5 a second, to 1-2 a minute,
> mostly in the one every 1-5 seconds rate.

Welcome to NAT444.  Aka 'double-NAT' or 'carrier-grade NAT' where your connection's WAN port is further NATted at the ISP's border router, and the ISP itself is using RFC 1918 space and minimal publicly routable IP addresses.

There was a special IPv4 address block allocated for this purpose relatively recently; discussion can be found in the NANOG mailing list archives.....
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
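
An added example, not part of the original message: a small triage script that labels netfilter LOG lines as DHCP/BOOTP server replies (UDP 67 to 68) and reports whether the source sits in RFC 1918 space or in the RFC 6598 shared block (100.64.0.0/10) set aside for carrier-grade NAT. The log lines are constructed samples in iptables LOG format, and the function names are hypothetical.

```python
import ipaddress
import re

# Private (RFC 1918) and carrier-grade NAT shared (RFC 6598) address space.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGN_SHARED = ipaddress.ip_network("100.64.0.0/10")
FIELD = re.compile(r"\b(SRC|DST|PROTO|SPT|DPT)=(\S+)")

def classify(line):
    """Return a triage label for one netfilter LOG line."""
    f = dict(FIELD.findall(line))
    if not {"SRC", "DST", "PROTO"} <= f.keys():
        return "unparsed"
    # A DHCP/BOOTP server reply travels from UDP port 67 to UDP port 68.
    if not (f["PROTO"] == "UDP" and f.get("SPT") == "67" and f.get("DPT") == "68"):
        return "other"
    try:
        src = ipaddress.ip_address(f["SRC"])
    except ValueError:
        return "unparsed"
    if any(src in net for net in RFC1918):
        origin = "rfc1918"
    elif src in CGN_SHARED:
        origin = "cgn-shared"
    else:
        origin = "public"
    # Replies are broadcast because the client has no address yet.
    cast = "broadcast" if f["DST"] == "255.255.255.255" else "unicast"
    return f"dhcp-reply/{origin}/{cast}"

def summarize(lines):
    """Count lines per label so the noise can be separated from the rest."""
    counts = {}
    for line in lines:
        label = classify(line)
        counts[label] = counts.get(label, 0) + 1
    return counts

# Constructed sample lines (not taken from the poster's firewall log).
SAMPLE = [
    "Aug 16 22:58:01 gw kernel: DROP IN=eth0 OUT= SRC=10.21.72.1 DST=255.255.255.255 LEN=328 PROTO=UDP SPT=67 DPT=68 LEN=308",
    "Aug 16 22:58:03 gw kernel: DROP IN=eth0 OUT= SRC=10.21.72.1 DST=255.255.255.255 LEN=328 PROTO=UDP SPT=67 DPT=68 LEN=308",
    "Aug 16 22:58:04 gw kernel: DROP IN=eth0 OUT= SRC=100.64.3.1 DST=255.255.255.255 LEN=328 PROTO=UDP SPT=67 DPT=68 LEN=308",
    "Aug 16 22:58:09 gw kernel: DROP IN=eth0 OUT= SRC=203.0.113.50 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=51515 DPT=22",
]

if __name__ == "__main__":
    for label, n in sorted(summarize(SAMPLE).items()):
        print(n, label)
```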

