Hello,
so I'm asking for your help again. This time the problem is in my LAN. I've noticed strange packets dropped by the firewall with source address set to 0.0.0.0 and destination 255.255.255.255:
Code:
Apr 12 22:01:50 gw kernel: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:80:48:1a:c1:cf:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=0 PROTO=UDP SPT=68 DPT=67 LEN=308
Apr 12 22:01:54 gw kernel: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:80:48:1a:c1:cf:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=256 PROTO=UDP SPT=68 DPT=67 LEN=308
Apr 12 22:02:03 gw kernel: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:80:48:1a:c1:cf:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=512 PROTO=UDP SPT=68 DPT=67 LEN=308
There are usually 3 packets in a row with a 3-10 second delay between them. Then there's a longer delay and 3 packets again. And so on and on...
Does anyone know what software could send these packets?
And one more thing - I've tried to log all packets from that MAC address, but I don't know if I altered it correctly, since iptables and other stuff take a 6-byte address and the one in my logs is messy:
Code:
$IPT -A INPUT -i $INTIF -m mac --mac-source 00:80:48:1a:c1:cf -j LOG
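
An added example, not part of the original post: the MAC= field of a netfilter LOG line is the raw 14-byte Ethernet header (6-byte destination MAC, 6-byte source MAC, 2-byte EtherType), so this sketch splits it, derives the `--mac-source` match, and flags UDP 68 to 67, the BOOTP/DHCP client-to-server port pair. The function names are hypothetical and the sample line is one log entry from the post with its wrapped tail rejoined.

```python
import re

# Constructed sample: a log line from the post, wrapped tail rejoined.
SAMPLE = ("Apr 12 22:01:54 gw kernel: IN=eth0 OUT= "
          "MAC=ff:ff:ff:ff:ff:ff:00:80:48:1a:c1:cf:08:00 SRC=0.0.0.0 "
          "DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=256 "
          "PROTO=UDP SPT=68 DPT=67 LEN=308")

ETHERTYPES = {"0800": "IPv4", "0806": "ARP", "86dd": "IPv6"}

def parse_log_line(line):
    """Return the KEY=VALUE fields of a netfilter LOG line as a dict."""
    fields = {}
    for key, value in re.findall(r"\b([A-Z]+)=(\S*)", line):
        # LEN appears twice (IP length, then UDP length); keep the first.
        fields.setdefault(key, value)
    return fields

def split_mac_field(mac_field):
    """Split the 14-byte Ethernet header into (dst_mac, src_mac, ethertype)."""
    octets = mac_field.lower().split(":")
    if len(octets) != 14 or not all(re.fullmatch(r"[0-9a-f]{2}", o) for o in octets):
        # Non-Ethernet interfaces log a different (or empty) MAC= field.
        raise ValueError("expected 14 colon-separated octets, got %r" % mac_field)
    return ":".join(octets[:6]), ":".join(octets[6:12]), "".join(octets[12:])

def describe(line):
    """Summarise the layer-2 details and DHCP-client signature of one log line."""
    f = parse_log_line(line)
    dst, src, etype = split_mac_field(f["MAC"])
    return {
        "dst_mac": dst,
        "src_mac": src,
        "ethertype": ETHERTYPES.get(etype, "0x" + etype),
        "l2_broadcast": dst == "ff:ff:ff:ff:ff:ff",
        "dhcp_client_request": (f.get("PROTO") == "UDP"
                                and f.get("SPT") == "68"
                                and f.get("DPT") == "67"),
        "mac_source_match": "-m mac --mac-source " + src,
    }

if __name__ == "__main__":
    for key, value in describe(SAMPLE).items():
        print(key, "=", value)
```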