Carlos E. R. wrote:
On 2023-04-30 08:46, Per Jessen wrote:
It's a dhcp client looking for a dhcp server - what to do with it is up to you, depends on your context.
But thinking aloud, what is best to do with them? And how?
You have to consider the context. Single machine that runs a dhcp server or not?
* if you need them, they should obviously be accepted.
* if you're not sure if you need them, reject but log
* if you don't need them, drop.
For example, if I accept them, do I add 0.0.0.0/32 or /0? Is it safe?
You just don't specify it, you simply accept broadcast udp traffic on ports 67 and 68. It is a broadcast message, it doesn't travel further than the next router.
Accepting them is less resources than writing a log entry, and less noise.
Those are not considerations pertinent to firewalling, not even on a 486dx2.
Can dropping them cause an issue for this machine?
I would ask the admin. :-)
Oh, another strange one. But just one packet.
<0.4> 2023-04-30T01:12:25.061938+02:00 Isengard kernel - - - [1301083.230432][ C3] FINAL_REJECT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:d0:...:00 SRC=192.168.1.200 DST=255.255.255.255 LEN=124 TOS=0x00 PREC=0x00 TTL=64 ID=45743 DF PROTO=UDP SPT=26999 DPT=26999 LEN=104
High ports - why even bother with looking at that?
Because it is curious. What on earth is that? It is not part of an ongoing conversation, it is a broadcast.
It's probably just "Tinder for Humax".
MAC Address: D0:FC:D0:4C:D1:6C (Unknown)
             ^^^^^^^^
That is Humax.
Yes, I said so later in the post.
I was only showing you that the MAC OUI will tell you.
How do you find the maker from the MAC?
You take the OUI - the first 3 octets - and do a look up: IEEE OUI - https://standards-oui.ieee.org/ (or use wireshark).

ISTR being able to do a lookup in KDE, Alt-F2 and then <something>OUI - similar to "#manpage". Maybe I am imagining things.

-- 
Per Jessen, Zürich (14.2°C)
Member, openSUSE Heroes (2016 - present)
We're hiring - https://en.opensuse.org/openSUSE:Heroes
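The OUI lookup described above, applied to the MAC= field of a firewall log entry, as an added example that is not part of the original message. The function names are hypothetical, and both the log line and the one-entry table (in the layout of the "(hex)" lines of the IEEE oui.txt download) are constructed samples that reuse the MAC and vendor named in the thread.

```python
import re

# Constructed entry in the layout of the IEEE oui.txt "(hex)" lines; the vendor
# name is the one given in the thread, not copied from the registry.
SAMPLE_OUI_TXT = "D0-FC-D0   (hex)\t\tHumax\n"

# Constructed log line modelled on the FINAL_REJECT entry in the thread, with
# the MAC quoted in the thread used as the source address.
SAMPLE_LOG = ("FINAL_REJECT: IN=eth0 OUT= "
              "MAC=ff:ff:ff:ff:ff:ff:d0:fc:d0:4c:d1:6c:08:00 "
              "SRC=192.168.1.200 DST=255.255.255.255 PROTO=UDP SPT=26999 DPT=26999")

OUI_LINE = re.compile(
    r"^([0-9A-F]{2})-([0-9A-F]{2})-([0-9A-F]{2})\s+\(hex\)\s+(.+)$", re.M)

def load_oui(text):
    """Map 'D0FCD0' -> vendor from oui.txt-style '(hex)' lines."""
    return {"".join(m.group(1, 2, 3)): m.group(4).strip()
            for m in OUI_LINE.finditer(text)}

def split_mac_field(line):
    """Netfilter LOG on Ethernet prints MAC=<dst 6><src 6><ethertype 2>."""
    m = re.search(r"\bMAC=((?:[0-9a-fA-F]{2}:){13}[0-9a-fA-F]{2})\b", line)
    if not m:
        return None  # field missing, truncated or not Ethernet
    o = m.group(1).lower().split(":")
    return ":".join(o[0:6]), ":".join(o[6:12]), "".join(o[12:14])

def vendor_of(mac, table):
    octets = mac.split(":")
    first = int(octets[0], 16)
    if first & 0x01:
        return "group address (broadcast/multicast)"
    if first & 0x02:
        # Randomised or software-set MACs carry no registered OUI.
        return "locally administered (no registered OUI)"
    return table.get("".join(octets[:3]).upper(), "unknown OUI")

def describe(line, table):
    parts = split_mac_field(line)
    if parts is None:
        return None
    dst, src, ethertype = parts
    return {"dst": dst, "src": src, "ethertype": ethertype,
            "src_vendor": vendor_of(src, table)}

if __name__ == "__main__":
    print(describe(SAMPLE_LOG, load_oui(SAMPLE_OUI_TXT)))
```

For real use, pass the contents of the oui.txt file from https://standards-oui.ieee.org/ to `load_oui` in place of the sample string.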