• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

What is bootPC?

John Connor

John Connor

Lifer
In my incoming firewall log in the router I see a lot of bootPC. I can only guess this is something from the ISP. What is bootPC?
 
Nope. BootPC.

lKrN0Of.jpg
 
I think it may be Windows related. Windows listens on all sorts of weird ports. This is normally how worms get in between patching cycles.

Hope that PC is actually behind a NAT device. 😛
 
I have Comodo firewall on all computers so nothing is going out and I have a WRT54GL flashed withg DD-WRT.

It's incoming.
 
Bootp/DHCP over UDP. Firewalls hooked to DSL and cable-modem lines see a ton of these sent to the broadcast address 255.255.255.255. These machines are asking to for an address assignment from a DHCP server. You could probably hack into them by giving them such an assignment and specifying yourself as the local router, then execute a wide range of man-in-the-middle attacks. The client requests configuration on a broadcast to port 68 (bootps). The server broadcasts back the response to port 67 (bootpc). The response uses some type of broadcast because the client doesn't yet have an IP address that can be sent to.
 
What I don't understand is that I have the following IPtables in the router's firewall,

iptables -I OUTPUT -d 239.255.255.250 -j DROP iptables -I OUTPUT -d 224.0.0.22 -j DROP

Now the only thing I can think of is it's ISP related since it's on the input to the router.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top