[olug] bootpc scan

Phil Brutsche pbrutsch at creighton.edu
Tue May 1 14:43:21 UTC 2001


A long time ago, in a galaxy far, far away, someone said...

> For the last several days, logwatch has reported this IP hitting port
> bootpc.
> Before I escalate this to @Home, can anyone tell me about this port, the
> vulnerabilities, etc.  Also, is anyone aware if this IP is attached to
> @Home security scans?
>
> Denied packets from lh1.rdc1.ne.home.com (24.2.4.70).
>   Port bootpc   (udp,eth0,input): 159 packet(s).
> Total of 159 packet(s).

Like Neal (puzzled at home.com) said, that's apparently one of @Home's
scanning boxes.

BOOTP is very similar to DHCP; it has the same basic set of capabilities
(handing out IPs to any host that asks), but DHCP is a "successor" of
sorts, and can give out many more types of info.

When you run a DHCP or BOOTP client, your computer listens on the bootpc
port (UDP port 68) for reply messages from the DHCP server.

I have no idea why they scan for bootpc; they should *expect* it to be
there when they set up hosts to use DHCP!  Unless, of course, they're
looking for hosts that aren't on DHCP, but should be...

-- 
----------------------------------------------------------------------
Phil Brutsche					pbrutsch at creighton.edu

GPG fingerprint: BDA4 C23C 1989 31FF CBE8  7EB4 6CA7 9636 941E 8451
GPG key id: 941E8451
GPG public key: http://www.creighton.edu/~pbrutsch/public-key.asc
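
Added example, not part of the original message: a Python sketch of how a host could triage datagrams arriving on UDP port 68 (bootpc), separating the BOOTREPLY a client is waiting for from unsolicited traffic like the denied packets quoted above. The addresses, transaction IDs, verdict names and the `constructed_reply` helper are constructed for illustration; the header layout follows RFC 951.

```python
import struct
from collections import Counter

# Fixed BOOTP header (RFC 951): op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file = 236 bytes.
BOOTP_HDR = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
BOOTREQUEST, BOOTREPLY = 1, 2
SERVER_PORT = 67  # bootps; servers and relays send replies from this port


def triage(src_ip, src_port, payload, pending_xids, trusted_servers):
    """Classify one datagram received on UDP port 68 (verdict names are ours)."""
    if len(payload) < BOOTP_HDR.size:
        return "not-bootp"                  # empty or short datagram
    op, _htype, hlen, _hops, xid = struct.unpack_from("!BBBBI", payload)
    if op not in (BOOTREQUEST, BOOTREPLY) or hlen > 16:
        return "not-bootp"
    if op == BOOTREQUEST:
        return "misdirected-request"        # requests belong on port 67
    if src_port != SERVER_PORT:
        return "reply-from-wrong-port"
    if xid not in pending_xids:
        return "unsolicited-reply"          # we never asked with this xid
    if src_ip not in trusted_servers:
        return "reply-from-unknown-server"
    return "expected-reply"


def constructed_reply(xid, yiaddr=bytes([192, 0, 2, 50])):
    """Build a minimal BOOTREPLY for testing (constructed sample data)."""
    mac = bytes.fromhex("020000000001")
    return BOOTP_HDR.pack(BOOTREPLY, 1, len(mac), 0, xid, 0, 0, bytes(4),
                          yiaddr, bytes(4), bytes(4), mac, b"", b"")


def summarize(packets, pending_xids, trusted_servers):
    """Count verdicts per source address, in the spirit of a logwatch summary."""
    counts = Counter()
    for src_ip, src_port, payload in packets:
        verdict = triage(src_ip, src_port, payload, pending_xids, trusted_servers)
        counts[(src_ip, verdict)] += 1
    return counts


# Constructed sample traffic: one awaited reply and three datagrams nobody asked for.
SAMPLES = [
    ("192.0.2.1", 67, constructed_reply(0x1A2B3C4D)),
    ("198.51.100.7", 40000, b""),
    ("198.51.100.7", 40001, b""),
    ("198.51.100.7", 67, constructed_reply(0xDEADBEEF)),
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLES, {0x1A2B3C4D}, {"192.0.2.1"}).items():
        print(key, n)
```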

