“Date/Time :2007-02-01 05:26:07
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 85.226.116.xxx, Port = bootp(67))
Protocol: UDP Incoming
Source: 85.226.116.xxx:dhcp(68)
Destination: 255.255.255.255:bootp(67)
Reason: Network Control Rule ID = 10”
I have for a long time had this entries in my log.
85.226.116.xxx belongs to my ISP IP range and the three last digits in source varies all the time but always the same destination. Network Control Rule ID is my last rule that should reside in the bottom on the rule list.
Any ideas why Comodo blocks or shows this? Is there some kind of malware on my ISP´s network looking for new targets? If so, then there is alot of infected computers on my ISP´s network. :o
I have 100/10Mbit fiber (LAN) account.
It doesnt affect me in anyway as far as I know.
I know I dont have to worry since Comodo prevents this but how do I make a rule so I dont have to see that in my log? I cant find any “bootp67” in the dropdownlists when I creat network rules.
Easy peezy - make an inbound ALLOW network monitor rule that allows UDP traffic in on ports 67 and 68 from the range of IPs your ISP is using for DHCP allocation. These ports are used for DHCP allocation. If you dont need DHCP, make a BLOCK rule but don’t enable logging for that rule.
