[RndTbl] Shaw DHCP weirdness or attack?
Sean Walberg
sean at ertw.com
Wed Dec 5 12:08:17 CST 2012
On Wed, Dec 5, 2012 at 11:59 AM, Trevor Cordes <trevor at tecnopolis.ca> wrote:
The packet is 50.72.224.1:67 to 255.255.255.255:68, 308 bytes
>
But is it to your MAC address or not?
> So my guess now is probably some nitwit has a DHCP server working the
> Shaw network side rather than their internal side? Or maybe a
> deliberate hack attempt to hand out bogus IPs?
>
The router is probably not the DHCP server, it's just the forwarder for a
backend management system. My guess is that our AsustekC friend is making a
request with a strange option 81 that's being blindly copied in the
response and since DHCP is a broadcast at this point, you're seeing it.
Sean
--
Sean Walberg <sean at ertw.com> http://ertw.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.muug.mb.ca/pipermail/roundtable/attachments/20121205/e3a9cba6/attachment.html>
More information about the Roundtable
mailing list