Hi all,
I always see one unknown host which broadcasts from UDP port 67 to the 255.255.255.68. There's only outgoing data transfer from this host. Additionally, it takes its own IP, which doesn't correspond to the settings of the DHCP server that I've set (I set that the addresses must be only 10.33.48.*** and this host is 10.43.***.***).
Please help me with your answers
Unknown host - no MAC address
- DoesItMatter
- Moderator
- Posts: 1373
- Joined: Thu May 21, 2009 3:56 pm
Re: Unknown host - no MAC address
http://www.issociate.de/board/post/4281 ... rnet?.html
check that, it sounds like it may be something coming from your
cable / internet provider?
you could always try blocking that port with a firewall and
see what happens.
Soylent Green Is People!
2x Asus RT-N16 = Asus 3.0.0.4.374.43 Merlin
2x Buffalo WZR-HP-G300NH V1 A0D0 = Gargoyle 1.9.x / LEDE 17.01.x
2x Engenius - ESR900 Stock 1.4.0 / OpenWRT Trunk 49400
Re: Unknown host - no MAC address
OK, I've blocked in/out traffic to/from ports 67,68 - I see the same situation.
Also I blocked the access to network by IP of the host - and the host rests in the list of active connections.
Additionally, I began to see the 127.0.0.1:4096 to 127.0.0.1:53 connections.
Please help me with this...
- DoesItMatter
- Moderator
- Posts: 1373
- Joined: Thu May 21, 2009 3:56 pm
Re: Unknown host - no MAC address
More info is needed on your setup.
Here's info for Port 4096:
http://www.auditmypc.com/port/tcp-port-4096.asp
and port info on Port 53:
http://www.linklogger.com/TCP53.htm
---------------------------------
Are you running a DSL modem and your router as a Bridge?
127.0.0.1 is your machine's internal loopback address.
About the only thing that could be suspicious is if you have
some type of spyware or trojan programs that are running and
you are unaware of those.
Re: Unknown host - no MAC address
I'm running the cable modem which gives me also telephone and digital TV. My provider tells me that I can't access this modem in any way.
The router is not a bridge. It's only an access point for my home network - most of hosts are wired and only my laptop is wireless and I've restricted access by MAC address in firewall.
Just found in the /etc/config/firewall this:
config 'rule'
    option 'src' 'wan'
    option 'proto' 'udp'
    option 'dest_port' '68'
    option 'target' 'ACCEPT'
Maybe it is the cause of UDP traffic???
- DoesItMatter
- Moderator
- Posts: 1373
- Joined: Thu May 21, 2009 3:56 pm
Re: Unknown host - no MAC address
If you've only got 1 wireless device... what you could try to do
maybe over Thanksgiving or something, is disable the wireless
and see what happens.
Check if that mysterious IP shows up.
If it does not, then you can eliminate all the wired clients and
just have to look at the wireless connection and/or whatever
may be on your laptop.
Break it down in pieces. I suspect it's nothing to be concerned
over as it looks like all these ports are used by normal DNS
and standard TCP/IP or UDP traffic.
Re: Unknown host - no MAC address
OK I did many things at same time:
1. Put a comment to the lines of /etc/config/firewall;
2. Disabled wireless;
3. Selected the option "allow clients to use alternate DNS servers" in the Connection>basic>LAN;
I don't know where is the cause.... of this but the host disappeared..
Sorry, it has appeared again. I don't know what to do...
BTW - netstat -a output gives this:
******
********
udp 0 0 0.0.0.0:67 0.0.0.0:*
And there's an unknown device - ifconfig gives this:
imq0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
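Added example, not part of any post in this thread: traffic from UDP source port 67 to destination port 68 is the DHCP server-to-client direction, and the payload of such a packet names the server (option 54) and the client hardware address it is addressed to, even when a connection list shows no MAC for the sender. The Python code below decodes one captured payload; the sample packet, its addresses and its MAC are constructed.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that precedes the options (RFC 2131)
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
             5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}

def parse_dhcp(payload: bytes) -> dict:
    """Decode the UDP payload of a BOOTP/DHCP packet seen on ports 67/68."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    op, _htype, hlen, _hops, xid, _secs, flags = struct.unpack("!BBBBIHH", payload[:12])
    info = {
        "direction": {1: "client->server", 2: "server->client"}.get(op, "unknown"),
        "xid": xid,
        "broadcast": bool(flags & 0x8000),
        "assigned_ip": socket.inet_ntoa(payload[16:20]),   # yiaddr
        "relay_ip": socket.inet_ntoa(payload[24:28]),      # giaddr
        "client_mac": payload[28:28 + min(hlen, 16)].hex(":"),
    }
    i = 240
    while i < len(payload) and payload[i] != 255:          # 255 = end option
        if payload[i] == 0:                                # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            break                                          # length byte missing
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) < length:
            break                                          # truncated option, stop
        if code == 53 and length == 1:
            info["type"] = MSG_TYPES.get(value[0], f"unknown({value[0]})")
        elif code == 54 and length == 4:
            info["server_id"] = socket.inet_ntoa(value)
        i += 2 + length
    return info

def sample_ack() -> bytes:
    """Constructed DHCPACK; every address and the MAC are made-up sample values."""
    hdr = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x1234ABCD, 0, 0x8000)
    hdr += b"".join(socket.inet_aton(a) for a in ("0.0.0.0", "10.43.0.50", "10.43.0.1", "0.0.0.0"))
    hdr += bytes.fromhex("020000aabbcc").ljust(16, b"\0") + bytes(192)  # chaddr, sname, file
    opts = bytes([53, 1, 5, 54, 4]) + socket.inet_aton("10.43.0.1") + b"\xff"
    return hdr + MAGIC + opts

if __name__ == "__main__":
    for key, val in parse_dhcp(sample_ack()).items():
        print(f"{key:12} {val}")
```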