Le ven 02/05/2003 à 11:47, Keith Tin a écrit : > I found something strange in my iptables log. It was strange because I > put my server at ISP and I don't know why there was an internal IP > logged by my server. > > May 2 16:55:35 ABC kernel: FW-REJECT IN=eth0 OUT= > MAC=ff:ff:ff:ff:ff:ff:00:10:5a:63:d3:d8:08:00 SRC=192.168.93.1 > DST=255.255.255.255 LEN=276 TOS=0x00 PREC=0x00 TTL=128 ID=34884 > PROTO=UDP SPT=68 DPT=67 LEN=256 Broadcast UDP packet from port 68 to port 67 $ grep 6[78]/udp /etc/services bootps 67/udp bootpc 68/udp [...] This is DHCP request from client to server. For client already has an IP, I would say it is a DHCP request confirmation or a bail renewal. > How can I block these kind of IP? Block all private IPs if they're not supposed to reach your server. I agree it's quite unsual to see DHCP stuff within a hosting infrastructure. -- Cédric Blancher <blancher@xxxxxxxxxxxxxxxxxx> IT systems and networks security - Cartel Sécurité Phone : +33 (0)1 44 06 97 87 - Fax: +33 (0)1 44 06 97 99 PGP KeyID:157E98EE FingerPrint:FA62226DA9E72FA8AECAA240008B480E157E98EE
