Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > Remote Access?

Reply
Thread Tools

Remote Access?

 
 
John Gregory
Guest
Posts: n/a
 
      12-29-2003
I added a new machine to my home network last month; a Pentium 4 running
Windows XP Home Edition. It ties in with a Pentium 2 running WIN98SE and a
486 machine running WIN95. All are plugged into a switch which plugs to a
router that connects to a cable modem.

My most used WIN98SE machine (which has a Norton Personal Firewall) has
begun reporting activity attempting to reach that machine. The remote
address given as 0.0.0.0,bootpc(followed by a #) and the local address as
255.255.255.255,bootp(followed by a number).

The report considers the threat High Risk so I continually block it. I've
never experienced such warning and I don't know how to identify the source
to determine if - perhaps - it's my new machine trying to do something on
the local network. There's only me using these three machines.

One thought that makes me suspect this may be an outside attempt is the fact
that the new machine has been connected for about a month. The messages just
began occurring last week. I suppose there is a chance that I may have
inadvertently triggered these by making some adjustment to a setting on the
new machine that I didn't fully understand.

If anyone can point me in the right direction, I'd be very appreciative.


 
Reply With Quote
 
 
 
 
Lawrence DčOliveiro
Guest
Posts: n/a
 
      12-31-2003
In article <8H%Hb.37641$(E-Mail Removed)>,
"John Gregory" <(E-Mail Removed)> wrote:

>My most used WIN98SE machine (which has a Norton Personal Firewall) has
>begun reporting activity attempting to reach that machine. The remote
>address given as 0.0.0.0,bootpc(followed by a #) and the local address as
>255.255.255.255,bootp(followed by a number).


Just a guess, could this be a machine somewhere else in the same subnet
as you, trying to boot itself via BOOTP? 255.255.255.255 would be the
broadcast address on the local subnet.

Does this happen continually, or does it only happen every now and then
for a few seconds? If the latter, that could mean that another machine
answered the BOOTP request. You're probably not even supposed to be
seeing this communication happening.
 
Reply With Quote
 
 
 
 
John Gregory
Guest
Posts: n/a
 
      12-31-2003
For the first three weeks with the new machine on the network it never
occurred. Now it occurs occasionally. The message appears, I click the box
to block the action, the message goes away and everything seems OK. I'd just
like to understand where the damn thing is coming from.


"Lawrence DčOliveiro" <(E-Mail Removed)_zealand> wrote in message
news:(E-Mail Removed)...
> In article <8H%Hb.37641$(E-Mail Removed)>,
> "John Gregory" <(E-Mail Removed)> wrote:
>
> >My most used WIN98SE machine (which has a Norton Personal Firewall) has
> >begun reporting activity attempting to reach that machine. The remote
> >address given as 0.0.0.0,bootpc(followed by a #) and the local address as
> >255.255.255.255,bootp(followed by a number).

>
> Just a guess, could this be a machine somewhere else in the same subnet
> as you, trying to boot itself via BOOTP? 255.255.255.255 would be the
> broadcast address on the local subnet.
>
> Does this happen continually, or does it only happen every now and then
> for a few seconds? If the latter, that could mean that another machine
> answered the BOOTP request. You're probably not even supposed to be
> seeing this communication happening.



 
Reply With Quote
 
N1POP
Guest
Posts: n/a
 
      12-31-2003
"John Gregory" <(E-Mail Removed)> wrote in message news:<8H%Hb.37641$(E-Mail Removed)>.. .
> I added a new machine to my home network last month; a Pentium 4 running
> Windows XP Home Edition. It ties in with a Pentium 2 running WIN98SE and a
> 486 machine running WIN95. All are plugged into a switch which plugs to a
> router that connects to a cable modem.
>
> My most used WIN98SE machine (which has a Norton Personal Firewall) has
> begun reporting activity attempting to reach that machine. The remote
> address given as 0.0.0.0,bootpc(followed by a #) and the local address as
> 255.255.255.255,bootp(followed by a number).


The activity is from a computer that does not yet have an IP address,
and it's using bootp to get one assigned.

> The report considers the threat High Risk so I continually block it.


If your 98 box does not assign addresses (primary domain controller),
then you are right to block the attempts.

> I've
> never experienced such warning and I don't know how to identify the source
> to determine if - perhaps - it's my new machine trying to do something on
> the local network. There's only me using these three machines.


It's my guess that your new machine is the culprit. You can try
disconnecting the net for a few hours and see if the events still
arrive (all machines should be powered up). If the events still
appear, then power down the other two machines one at a time (XP
first) for a few hours and see if the events stop.
 
Reply With Quote
 
Nick
Guest
Posts: n/a
 
      01-02-2004
N1POP wrote:
> "John Gregory" <(E-Mail Removed)> wrote in message news:<8H%Hb.37641$(E-Mail Removed)>.. .
>
>>I added a new machine to my home network last month; a Pentium 4 running
>>Windows XP Home Edition. It ties in with a Pentium 2 running WIN98SE and a
>>486 machine running WIN95. All are plugged into a switch which plugs to a
>>router that connects to a cable modem.
>>
>>My most used WIN98SE machine (which has a Norton Personal Firewall) has
>>begun reporting activity attempting to reach that machine. The remote
>>address given as 0.0.0.0,bootpc(followed by a #) and the local address as
>>255.255.255.255,bootp(followed by a number).

>
>
> The activity is from a computer that does not yet have an IP address,
> and it's using bootp to get one assigned.
>
>
>>The report considers the threat High Risk so I continually block it.

>
>
> If your 98 box does not assign addresses (primary domain controller),
> then you are right to block the attempts.
>
>
>>I've
>>never experienced such warning and I don't know how to identify the source
>>to determine if - perhaps - it's my new machine trying to do something on
>>the local network. There's only me using these three machines.

>
>
> It's my guess that your new machine is the culprit. You can try
> disconnecting the net for a few hours and see if the events still
> arrive (all machines should be powered up). If the events still
> appear, then power down the other two machines one at a time (XP
> first) for a few hours and see if the events stop.


Another suggestion is to download ethereal or another network sniffer
and record traffic until you see the error. Then you can view the
capture file and determine the mac address opf the offending pc.
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
re: remote assistance and remote desktop eddy Computer Support 1 09-20-2005 03:44 AM
Ghost Console version 8 Remote Client install will not install to remote pc Ed Computer Support 3 03-18-2005 05:18 PM
Remote Assistance fails to connect, remote remote host name could not be resolved Peter Sale Wireless Networking 1 12-11-2004 09:09 PM
Difference between Remote Desktop and Remote Desktop for Admin Dave Marden MCSE 16 01-24-2004 12:47 PM
FS: Minolta Maxxum remote shutter release cord and remote flash cord Webkatz Digital Photography 1 07-17-2003 07:20 PM



Advertisments