Mailinglist Archive: opensuse-security (465 mails)

I get bootp broadcasts from my dsl-uplink
  • From: Andreas Fiesser <fiesser@xxxxxxx>
  • Date: Tue, 04 Dec 2001 18:24:36 +0100
  • Message-id: <3C0D06D4.6691628E@xxxxxxx>

Hello List,

For 2-3 weeks now my packet filter has been getting bombed permanently by
TDSL's router. The IP which ifconfig ppp0 names after P-t-P:

About 10-20 times a minute I get the following:
-------------------------------------------------------------
FEBRUAR:/etc/rc.config.d # tcpdump dst host 255.255.255.255 -i ppp0
Kernel filter, protocol ALL, datagram packet socket
tcpdump: listening on ppp0
17:26:25.789070 xxx.xxx.xxx.xxx.bootpc > 255.255.255.255.bootps:
xid:0x88866502 ether 0:d0:ba:70:50:ab [|bootp]
-------------------------------------------------------------

My questions :

How can I stop those lines in /var/log/messages and
/var/log/firewall ?
But only those regarding these broadcasts.

Is there a way to shield my box from inbound packets so that
pppoed's DOD can take it offline when there is no outbound traffic ?
The same issue appears with the usual scans on 80, 1214 and the other
common ports. SuSEfirewall2 blocks them out but pppd regards them as
traffic and keeps the connection alive.



I called T-Online's "hotline"

Person A: yes, there are problems with dsl in my area. I should wait
a few days.
Me: But ...

Person A: those packets are normal. They are the answers from the
webservers I surf to.
Me: But it's only this box and this is yours.

[... please hold the line ...]

Person B: (supervisor)
Person B: your firewall is WAY TOO tight. Loosen the rulesets and you
don't see those packets no more.
Me: Where is the point of a filter then ?

Person B: those packets are necessary so that the router can spot if
my box goes offline
Me: but due to those packets my box can't go offline by itself

Person B: no problem ... tdsl kicks you anyway after 24 h
Me: ARGHL ! !! !!!

My proposal, the router shouldn't ask the clients (the customers)
via constant bootstrap requests, was ruled out as nonsense.


Currently my SuSEfirewall2 settings are like this :
though I'd rather have DROP_CRIT at YES
-------------------------------------------------------------
FW_LOG_DROP_CRIT="no"
FW_LOG_DROP_ALL="no"
FW_LOG_ACCEPT_CRIT="no"
FW_LOG_ACCEPT_ALL="no"
-------------------------------------------------------------


Shouldn't those broadcasts be ignored anyway ?
-------------------------------------------------------------
FW_ALLOW_FW_BROADCAST="no"
FW_IGNORE_FW_BROADCAST="yes"
-------------------------------------------------------------


Here are a few lines of my /var/log/messages
-------------------------------------------------------------
Dec 4 17:23:34 FEBRUAR kernel: SuSE-FW-UNALLOWED-TARGETIN=ppp0 OUT=
MAC= SRC=xxx.xxx.xxx.xxx DST=255.255.255.255 LEN=604 TOS=0x00
PREC=0x00 TTL=255 ID=54221 PROTO=UDP SPT=68 DPT=67 LEN=584
Dec 4 17:23:37 FEBRUAR kernel: SuSE-FW-UNALLOWED-TARGETIN=ppp0 OUT=
MAC= SRC=xxx.xxx.xxx.xxx DST=255.255.255.255 LEN=604 TOS=0x00
PREC=0x00 TTL=255 ID=54417 PROTO=UDP SPT=68 DPT=67 LEN=584
Dec 4 17:23:40 FEBRUAR kernel: SuSE-FW-UNALLOWED-TARGETIN=ppp0 OUT=
MAC= SRC=xxx.xxx.xxx.xxx DST=255.255.255.255 LEN=604 TOS=0x00
PREC=0x00 TTL=255 ID=54613 PROTO=UDP SPT=68 DPT=67 LEN=584
-------------------------------------------------------------
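
Added example, not part of the original post: a small Python triage script that separates the BOOTP broadcasts (UDP 68 -> 67 to 255.255.255.255) from other dropped packets in log lines of the format shown above and measures the gap between them. The sample lines, their documentation-range addresses and the port-80 entry are constructed for the example.

```python
import re
from collections import Counter

# Constructed sample in the format of the excerpt above; addresses are
# documentation-range placeholders, the last line is an unrelated port-80 probe.
SAMPLE = """\
Dec  4 17:23:34 FEBRUAR kernel: SuSE-FW-UNALLOWED-TARGETIN=ppp0 OUT= MAC= SRC=192.0.2.1 DST=255.255.255.255 LEN=604 TOS=0x00 PREC=0x00 TTL=255 ID=54221 PROTO=UDP SPT=68 DPT=67 LEN=584
Dec  4 17:23:37 FEBRUAR kernel: SuSE-FW-UNALLOWED-TARGETIN=ppp0 OUT= MAC= SRC=192.0.2.1 DST=255.255.255.255 LEN=604 TOS=0x00 PREC=0x00 TTL=255 ID=54417 PROTO=UDP SPT=68 DPT=67 LEN=584
Dec  4 17:23:40 FEBRUAR kernel: SuSE-FW-UNALLOWED-TARGETIN=ppp0 OUT= MAC= SRC=192.0.2.1 DST=255.255.255.255 LEN=604 TOS=0x00 PREC=0x00 TTL=255 ID=54613 PROTO=UDP SPT=68 DPT=67 LEN=584
Dec  4 17:23:41 FEBRUAR kernel: SuSE-FW-UNALLOWED-TARGETIN=ppp0 OUT= MAC= SRC=198.51.100.7 DST=203.0.113.5 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=4711 PROTO=TCP SPT=3345 DPT=80 WINDOW=8192 SYN
"""

# The log prefix is fused to IN= in these lines, so match field names
# without requiring a word boundary in front of them.
FIELD = re.compile(r"(IN|OUT|SRC|DST|PROTO|SPT|DPT)=(\S*)")
CLOCK = re.compile(r"\b(\d\d):(\d\d):(\d\d)\b")

def parse_line(line):
    """Return the packet fields plus seconds since midnight, or None."""
    clock = CLOCK.search(line)
    fields = dict(FIELD.findall(line))
    if not clock or "PROTO" not in fields:
        return None
    h, m, s = map(int, clock.groups())
    fields["T"] = h * 3600 + m * 60 + s
    return fields

def is_bootp_broadcast(f):
    """UDP 68 -> 67 sent to the limited broadcast address."""
    return (f["PROTO"] == "UDP" and f.get("SPT") == "68"
            and f.get("DPT") == "67" and f.get("DST") == "255.255.255.255")

def summarize(text):
    """Count BOOTP broadcasts vs. other drops; list gaps between broadcasts."""
    counts, times = Counter(), []
    for line in text.splitlines():
        f = parse_line(line)
        if f is None:
            continue
        kind = "bootp-broadcast" if is_bootp_broadcast(f) else "other"
        counts[kind] += 1
        if kind == "bootp-broadcast":
            times.append(f["T"])
    gaps = [b - a for a, b in zip(times, times[1:])]
    return counts, gaps

if __name__ == "__main__":
    print(*summarize(SAMPLE))
```
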
