[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] attackalert UDP port: 67 question

Subject: Re: [cobalt-users] attackalert UDP port: 67 question
From: Revd leonard payne <vicarage@xxxxxxxxxxxxxx>
Date: Tue Apr 3 02:51:48 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

on 3/4/01 1:57 pm, Mark Roebuck at mroebuck@xxxxxxxxxxxxxxxxxxx wrote:

> I have been getting the following in my logs for the last 19hrs:
> 
> Apr  3 13:16:41 www portsentry[796]: attackalert: Connect from host:
> 194.88.88.5/194.88.88.5 to UDP port: 67

<snip>

The problem is that the little beauty at 194.88.88.5, an NT Server is like
a little lost doggy who doesn't know how to get home for its boot
information.

And so it calls out wildly across the ether saying "Help do you have my
bootstrap information" .

And you, my friend are one of the thousands of people it's hit in trying.

either 

a. tell the owners that they should narrow their search for bootstrap data

b. tell portsentry to ignore this port. (Portsentry.conf warns that the
monitoring of UDP Port 67 is considered anal ;-)

c. Leave portsentry alone to block the attempters and configure Logcheck to
ignore the warning.

d. Invoice the IP owners for Disk space usage on your /var/log area ??!!??

Blessings
Revd Leonard Payne

References:
- [cobalt-users] attackalert UDP port: 67 question
  - From: Mark Roebuck

Prev by Date: [cobalt-users] test test test
Next by Date: RE: [cobalt-users] Cobalt Path Root
Previous by thread: [cobalt-users] attackalert UDP port: 67 question
Next by thread: Re: [cobalt-users] attackalert UDP port: 67 question

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index