[Dshield] odd scan any ideas?
david.vincent at mightyoaks.com
Thu Jun 19 15:20:49 GMT 2003
looks like a microsoft machine which couldn't reach a DHCP server, looking
for other machines. when windows boxes aren't statically configured and
don't have a DHCP server, they default to grabbing a random ip form the
169.254.x.y subnet with a mask of 255.255.0.0.
this looks like a broadcast to that subnet in an effort to find other
where was this log? what gathered this info?
> -----Original Message-----
> From: Mark Warner [mailto:warner at neb.com]
> Sent: June 19, 2003 7:36 AM
> To: 'General DShield Discussion List'
> Subject: [Dshield] odd scan any ideas?
> My logs have shown this for a few days now...
> Any ideas as to how or what?
> Jun 18 11:23:54 seq.neb.com gfw: [ID 702911 kern.info]
> securityalert: udp
> if=eri1 from 169.254.35.111:52429 to 169.254.255.255 on
> unserved port 137
> Mark Warner
> TelCom/Network Manager
> New England BioLabs Inc.
> 32 Tozer Rd
> Beverly MA
> 978.927.5054 Ext. 407 Office
> 978.921.1350 Fax
> warner at neb.com
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see:
More information about the list