Constant probes on UDP port 68 from comcast
Every minute and sometimes more than once a minute i get probes from a Comcast IP address that tries to connect to "255.255.255.255:68" and the ZyWALL USG20 drops them. From what I've red Comcast's DHCP service hands out IP's over this port but I already have an IP and am not asking for a new one (as far as I know). Comcast's website shows that they block this port as it is vulnerable to malicious attacks, if it's blocked why do i get probed on it every minute? (»customer.comcast.com/help-and-su···d-ports/)
The reason I put this in the ZyXEL forum is to see if this may be a configuration issue with the ZyWALL. Maybe it's configured wrong and asking for a new IP every minute? The ZyWALL is set to be the DHCP server for my network but this should not affect the WAN.
Any help appreciated.
I get those from Comcast too on my USG 50. A couple of years ago I created a firewall rule to block it without logging to help cleanup my logfile a bit and I haven't thought about it since.
|reply to Jay864 |
I assume you are on cable? If so, then its a reply from the DHCP server to a DHCP client. But since its destination is a broadcast address everybody on the same cable segment gets it. Even though its one of your neighbours that requested it, you still get to see the answer.
"Perl is executable line noise, Python is executable pseudo-code."