Curious as to whats going on in this log entry.



  • I was in an irc channel and some guy came in who apparently was causing trouble, and some of us gave him some lip, and while it may not have been him, I started seeing weird entries show up that I hadn't seen before and I was wondering if someone could interpret them for me.

    Here is a brief sampling.  em0 is my wan nic.

    If I recall correctly 10.xxx.xxx.xxx is a private address and shouldn't be passed by any internet routers, so how could I be getting dhcp requests on my wan from a private IP?  All my stuff runs on 192.168.1.0 subnet internally.

    1. 687949 rule 29/0(match): block in on em0: 10.166.192.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 301
    11. 007918 rule 29/0(match): block in on em0: 10.166.192.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 297
    004834 rule 29/0(match): block in on em0: 10.166.192.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 297
    4. 987533 rule 29/0(match): block in on em0: 10.166.192.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 301
    178745 rule 31/0(match): block in on em0: 172.16.129.49.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 325
    127055 rule 29/0(match): block in on em0: 10.174.211.129 > 224.0.0.1: igmp query v2
    019603 rule 29/0(match): block in on em0: 10.169.113.1 > 224.0.0.1: igmp query v2
    1. 922968 rule 29/0(match): block in on em0: 10.166.192.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 325
    2. 851174 rule 63/0(match): block in on em0: 69.247.201.218.2693 > 68.184.255.199.36833: [|tcp]
    1. 591635 rule 29/0(match): block in on em0: 10.166.192.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 285
    1. 420539 rule 63/0(match): block in on em0: 69.247.201.218.2693 > 68.184.255.199.36833: [|tcp]
    6. 038959 rule 29/0(match): block in on em0: 10.166.192.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 297
    351796 rule 29/0(match): block in on em0: 10.166.192.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 313
    2. 007022 rule 29/0(match): block in on em0: 10.166.192.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 313
    1. 627366 rule 29/0(match): block in on em0: 10.166.192.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 297
    11. 657064 rule 29/0(match): block in on em0: 10.166.192.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 297
    2. 205904 rule 29/0(match): block in on em0: 10.166.192.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 301
    184879 rule 29/0(match): block in on em0: 10.166.192.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 297
    11. 575626 rule 31/0(match): block in on em0: 172.16.129.49.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 325



  • This is standard DHCP traffic by your ISP and normal.



  • Alright.  Thanks, I appreciate it.  I've watched the logs before didn't remember ever seeing it.


Log in to reply