[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] attackalert UDP port: 67 question

Subject: RE: [cobalt-users] attackalert UDP port: 67 question
From: Mark Roebuck <mroebuck@xxxxxxxxxxxxxxxxxxx>
Date: Tue Apr 3 04:19:04 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

-----Original Message-----

on 3/4/01 1:57 pm, Mark Roebuck at mroebuck@xxxxxxxxxxxxxxxxxxx wrote:

> I have been getting the following in my logs for the last 19hrs:
> 
> Apr  3 13:16:41 www portsentry[796]: attackalert: Connect from host:
> 194.88.88.5/194.88.88.5 to UDP port: 67

<snip>

The problem is that the little beauty at 194.88.88.5, an NT Server is like
a little lost doggy who doesn't know how to get home for its boot
information.

And so it calls out wildly across the ether saying "Help do you have my
bootstrap information" .

And you, my friend are one of the thousands of people it's hit in trying.

either 

a. tell the owners that they should narrow their search for bootstrap data

b. tell portsentry to ignore this port. (Portsentry.conf warns that the
monitoring of UDP Port 67 is considered anal ;-)

c. Leave portsentry alone to block the attempters and configure Logcheck to
ignore the warning.

d. Invoice the IP owners for Disk space usage on your /var/log area ??!!??

Blessings
Revd Leonard Payne

a, c, d sound good to me.

Thanks for your help

Mark Roebuck

Prev by Date: [cobalt-users] Problems running cgi-wrap
Next by Date: [cobalt-users] IP and Host are showing incorrectly
Previous by thread: Re: [cobalt-users] attackalert UDP port: 67 question
Next by thread: [cobalt-users] Frontpage Forms email going to admin account

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index