Date: Tue, 6 Nov 2001 10:19:27 -0500 (EST) From: Tim Wilde <twilde@dyndns.org> To: Chris <cs052279@yahoo.com> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Have I been hacked? Message-ID: <Pine.GSO.4.40.0111061017480.13169-100000@quartz.bos.dyndns.org> In-Reply-To: <20011106151617.9015.qmail@web14803.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> That is the problem. The IP addresses listed here are > real. I have no machine with an IP of 0.0.0.0,68. It > is going from my firewall to the inside of my > network. > It looks like something on the firewall is looking for > a dhcp server. The IP 0.0.0.0 looks very suspicious > to me. I'm no expert on DHCP, but I'm relatively sure that'd be what a normal DHCP request would look like - the box requesting a DHCP lease doesn't have an IP address, so it sends it's DHCP discovery packet off with a source of 0.0.0.0 and a destination of 255.255.255.255 (the ethernet broadcast, unless I'm mistaken), UDP port 67. If you don't have anything that should be requesting a DHCP lease, that could be a problem, but if you're running dhclient anywhere, it's probably normal. Tim -- Tim Wilde twilde@dyndns.org Systems Administrator Dynamic DNS Network Services http://www.dyndns.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GSO.4.40.0111061017480.13169-100000>