What is bootPC?

[John Connor]

In my incoming firewall log in the router I see a lot of bootPC. I can only guess this is something from the ISP. What is bootPC?

 

[VirtualLarry]

You mean, "BOOTP"? That was a predecessor to DHCP, for assigning IP addresses.

 

[John Connor]

Nope. BootPC.

 

[John Connor]

Looks like there are two different ports at work here. One is bootPC and the other is bootps.

https://www.grc.com/port_67.htm

https://www.grc.com/port_68.htm

 

[Red Squirrel]

I think it may be Windows related. Windows listens on all sorts of weird ports. This is normally how worms get in between patching cycles.

Hope that PC is actually behind a NAT device.

 

[John Connor]

I have Comodo firewall on all computers so nothing is going out and I have a WRT54GL flashed withg DD-WRT.

It's incoming.

 

[QuietDad]

Bootp/DHCP over UDP. Firewalls hooked to DSL and cable-modem lines see a ton of these sent to the broadcast address 255.255.255.255. These machines are asking to for an address assignment from a DHCP server. You could probably hack into them by giving them such an assignment and specifying yourself as the local router, then execute a wide range of man-in-the-middle attacks. The client requests configuration on a broadcast to port 68 (bootps). The server broadcasts back the response to port 67 (bootpc). The response uses some type of broadcast because the client doesn't yet have an IP address that can be sent to.

 

[John Connor]

What I don't understand is that I have the following IPtables in the router's firewall,

iptables -I OUTPUT -d 239.255.255.250 -j DROP iptables -I OUTPUT -d 224.0.0.22 -j DROP

Now the only thing I can think of is it's ISP related since it's on the input to the router.