
Andreas Rainer 03-20-2007 10:04 PM

Unknown Connection
 
Router WRT54G Linksys (with DD-WRT Firmware)

In my syslog I have the following:

8 12:03:44 I udp 10.34.107.25 67 255.255.255.255 68
2007/03/18 12:03:44 I udp 10.34.107.25 67 255.255.255.255 68
2007/03/18 12:03:43 I udp 10.34.107.25 67 255.255.255.255 68
2007/03/18 12:03:43 I udp 10.34.107.25 67 255.255.255.255 68
2007/03/18 12:03:34 I udp 10.34.107.25 67 255.255.255.255 68
2007/03/18 12:03:34 I udp 10.34.107.25 67 255.255.255.255 68
2007/03/18

I had this connection with Hyperwrt too!
Always denied, and the service "bootpc" was mentioned ...

ping and tracert to the ip is not possible, it times out ...

The IP is a private one, so RIPE is not useful ...

Is this another router?

According to the port it is:

68/tcp bootpc Bootstrap Protocol Client
68/udp bootpc Bootstrap Protocol Client

Only one PC is connected, and sometimes my notebook ... (PC mostly
turned off then)

David H. Lipman 03-20-2007 10:33 PM

Re: Unknown Connection
 
From: "Andreas Rainer" <andreas.rainer@gmx.at>

| Router WRT54G Linksys (with DD-WRT Firmware)
|
| In my syslog I have the following:
|
| 8 12:03:44 I udp 10.34.107.25 67 255.255.255.255 68
| 2007/03/18 12:03:44 I udp 10.34.107.25 67 255.255.255.255 68
| 2007/03/18 12:03:43 I udp 10.34.107.25 67 255.255.255.255 68
| 2007/03/18 12:03:43 I udp 10.34.107.25 67 255.255.255.255 68
| 2007/03/18 12:03:34 I udp 10.34.107.25 67 255.255.255.255 68
| 2007/03/18 12:03:34 I udp 10.34.107.25 67 255.255.255.255 68
| 2007/03/18
|
| I had this connection with Hyperwrt too!
| Always denied, and the service "bootpc" was mentioned ...
|
| ping and tracert to the ip is not possible, it times out ...
|
| The IP is a private one, so RIPE is not useful ...
|
| Is this another router?
|
| According to the port it is:
|
| 68/tcp bootpc Bootstrap Protocol Client
| 68/udp bootpc Bootstrap Protocol Client
|
| Only one PC is connected, and sometimes my notebook ... (PC mostly
| turned off then)

There is no security aspect here. This is just a BootP request on a local, non-routable,
sub-net.

Further queries should be made in a TCP/IP related News Group to understand Private Addresses
and the BootP Protocol.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Andreas Rainer 03-20-2007 10:41 PM

Re: Unknown Connection
 
On Tue, 20 Mar 2007 22:33:50 GMT, "David H. Lipman"
<DLipman~nospam~@Verizon.Net> wrote:

>| Only one PC is connected, and sometimes my notebook ... (PC mostly
>| turned off then)
>
>There is no security aspect here. This is just a BootP request on a local, non-routable,
>sub-net.

So it can't be a wireless hacker?
My Router has local and wireless LAN connection ...
internal IPs start with 192.168. ....
that's why I was wondering ...
>
>Further queries should be made in a TCP/IP related News Group to understand Private Addresses
>and the BootP Protocol.

which group do you suggest?

David H. Lipman 03-20-2007 10:58 PM

Re: Unknown Connection
 
From: "Andreas Rainer" <andreas.rainer@gmx.at>


| So it can't be a wireless hacker?
| My Router has local and wireless LAN connection ...
| internal IPs start with 192.168. ....
| that's why I was wondering ...

If you are using wireless then it may be a remote platform trying to obtain an IP from the
Router. Since it is the WRONG network, it will go nowhere.

TCP/UDP ports 67 & 68 are used by BootP/BootPS, which is the older way of obtaining an IP address
which was replaced with DHCP.

If you want to increase wireless security, make sure that the Router will only assign
addresses to provided MAC addresses.


>>
>> Further queries should be made in a TCP/IP related News Group to understand Private
>> Addresses and the BootP Protocol.

| which group do you suggest?

news:comp.protocols.tcp-ip



--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Sebastian Gottschalk 03-21-2007 01:24 AM

Re: Unknown Connection
 
David H. Lipman wrote:

> From: "Andreas Rainer" <andreas.rainer@gmx.at>
>
>| So it can't be a wireless hacker?
>| My Router has local and wireless LAN connection ...
>| internal IPs start with 192.168. ....
>| that's why I was wondering ...
>
> If you are using wireless then it may be a remote platform trying to obtain an IP from the
> Router. Since it is the WRONG network, it will go nowhere.
>
> TCP/UDP ports 67 & 68 are used by BootP/BootPS, which is the older way of obtaining an IP address
> which was replaced with DHCP.


Ehm... this *is* DHCP.

> If you want to increase wireless security, make sure that the Router will only assign
> addresses to provided MAC addresses.


The increase in security is *zero*.

Andreas Rainer 03-21-2007 06:00 PM

Re: Unknown Connection
 
On Wed, 21 Mar 2007 02:24:46 +0100, Sebastian Gottschalk
<seppi@seppig.de> wrote:

>> TCP/UDP ports 67 & 68 are used by BootP/BootPS, which is the older way of obtaining an IP address
>> which was replaced with DHCP.

>
>Ehm... this *is* DHCP.

I know that it is ;-)
The question is, where does it come from?
I only see the Wireless Networks (about 7 Routers and 2 Laptops seen),
but it seems strange to me that I see an IP in my denied log ...

My LAN IP starts with 192.168
Provider IP with 80.109 ...

So I am wondering where the IP is from ...
Wireless or Provider?
Tracert/ping are not possible

That's why I thought maybe a security thing ;-)
>
>> If you want to increase wireless security, make sure that the Router will only assign
>> addresses to provided MAC addresses.

>
>The increase in security is *zero*.

WEP 128 + MAC only assigned is set ;-)

Is it still possible to get into a network if both are set?

Sebastian Gottschalk 03-21-2007 10:38 PM

Re: Unknown Connection
 
Andreas Rainer wrote:

> On Wed, 21 Mar 2007 02:24:46 +0100, Sebastian Gottschalk
> <seppi@seppig.de> wrote:
>
>>> TCP/UDP ports 67 & 68 are used by BootP/BootPS, which is the older way of obtaining an IP address
>>> which was replaced with DHCP.

>>
>>Ehm... this *is* DHCP.

> I know that it is ;-)
> The question is, where does it come from?
> I only see the Wireless Networks (about 7 Routers and 2 Laptops seen),


Since Wireless is an option, it could be about anybody...

> WEP 128 + MAC only assigned is set ;-)
>
> Is it still possible to get into a network if both are set?


Cracking WEP-128 takes about 5 minutes on average. Cloning the MAC address
from a legitimate packet flying around takes about 5 milliseconds.
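
Added example, not part of any post in the thread: a small triage script for router log lines like the ones quoted at the top, which reads the UDP port pair to tell DHCP server replies (source port 67, destination port 68) from client requests and counts server replies whose source lies outside the LAN prefix. The field layout is an assumption read off the quoted lines, the last two sample lines are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the layout of the router log quoted in the thread
# (assumed fields: date, time, flag, protocol, source IP, source port,
# destination IP, destination port). The two 12:04 lines are invented.
SAMPLE_LOG = """\
2007/03/18 12:03:44 I udp 10.34.107.25 67 255.255.255.255 68
2007/03/18 12:03:43 I udp 10.34.107.25 67 255.255.255.255 68
2007/03/18 12:03:34 I udp 10.34.107.25 67 255.255.255.255 68
2007/03/18 12:04:01 I udp 192.168.1.1 67 255.255.255.255 68
2007/03/18 12:04:02 I udp 0.0.0.0 68 255.255.255.255 67
2007/03/18
"""

LINE_RE = re.compile(
    r"^(\d{4}/\d{2}/\d{2}) (\d{2}:\d{2}:\d{2}) (\S+) (tcp|udp) "
    r"(\S+) (\d+) (\S+) (\d+)$"
)

def classify(sport, dport):
    """Name the DHCP/BOOTP direction implied by the UDP port pair."""
    if (sport, dport) == (67, 68):
        return "server-to-client"   # e.g. DHCPOFFER / DHCPACK / DHCPNAK
    if (sport, dport) == (68, 67):
        return "client-to-server"   # e.g. DHCPDISCOVER / DHCPREQUEST
    return "not-dhcp"

def foreign_dhcp_servers(log_text, lan="192.168.0.0/16"):
    """Count server-to-client DHCP packets whose source is outside `lan`."""
    lan_net = ipaddress.ip_network(lan)
    hits = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:                    # truncated or unrelated line: skip it
            continue
        proto, src = m.group(4), m.group(5)
        sport, dport = int(m.group(6)), int(m.group(8))
        if proto != "udp" or classify(sport, dport) != "server-to-client":
            continue
        if ipaddress.ip_address(src) not in lan_net:
            hits[src] = hits.get(src, 0) + 1
    return hits

if __name__ == "__main__":
    for src, count in foreign_dhcp_servers(SAMPLE_LOG).items():
        print(f"{src}: {count} DHCP server broadcasts from outside the LAN")
```

A hit only says that some DHCP server on a different subnet is audible on the logged interface; which interface that is (wireless or provider side) has to come from the router's own interface counters or a capture.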


All times are GMT.