I use cable modem. My default gateway is 88.207.92.1 and its bombarding me with what I assume is broadcasting messages. CIS is blocking them, but I wonder should I allow them?!? Outbound broadcast to 255.255.255.255 at port 67 are allowed and required for connecting, but these are inbound from default gateway’s address at port 67 to port 68 of what I assume is local network, which I am part of.
I`m using Windows 7, cable modem, Comodo Firewall v3.14… Computer has no viruses or spyware, but that is probably irrelevant since messages are originating elsewhere.
You can probably safely allow this (assuming you need it), this isn’t usually some sort of attack or something. It’s to do with something called DHCP [wikipedia.org] that deals with obtaining IP numbers for LAN members. You can find more detailed information about it here [linklogger.com].
255.255.255.255 is the limited broadcast address. It means that it is addressed to all hosts on the subnet. A router does not forward this type of broadcast to other subnets. No need to block.
You are right, this request isn`t unusual, but my DHCP server is at another IP address. This is coming thru my default gateway IP address. Is that normal?
It says in you article
UDP 192.168.1.1:67 → 255.255.255.255:68
This is typically a DHCP offer. NOTE it has to be broadcasted (255.255.255.255) as the requesting system doesn’t yet have an IP address (its contained in the offer).
But I already have an IP address, and I dont need to renew cause its brand new (used ipconfig /all to check expiry date)
When I added the incoming UDP from 88.207.92.1 port 67 to my IP address port 68 application rule the requests stopped, thats good! I do understand what DHCP is, DNS, default gateway and so on, but Im new to this sort of behavior of the default gateway. Never saw those kind of broadcasts a week before, so i guess it`s something new. Guys over at the service department of my ISP are as useful as knife in a gunfight (wanted to be polite).