UDP traffic from 10.x.x.x port 67 to 255.255.255.255 port 68

What is it? I once thought them to be ISP broadcast traffic, but it scared me when it once sent ICMP traffic to my IP.

Obviously it’s broadcast traffic, since its destination is 255.255.255.255.

But I don’t know what they are exactly. Can anyone suggest appropriate action for this traffic?

Sometimes I wouldn’t be able to get online (get an IP) unless I allow at least one of these.

This traffic is caused by one of the computers in your network. I think you use a router.

10.x.x.x and 192.168.x.x are local IPs.

I think your computer is calling for an IP from your router with this broadcast call.

One of my friends has this call to port 68 from 192.168.x.x, and yes, sometimes, if this traffic is blocked, a connection can’t be established.

So I think you can allow this traffic to port 68.

If you look up “10.x.x.x. ip” on Google, you will find several links for such IPs and problems caused by programs.

Hi Michael.

What you’re seeing is DHCP traffic, specifically broadcasts from a DHCP server (I assume your router) to the network. It’s likely a DHCP offer or possibly a DHCP Acknowledgement.

Normally, however, the communication from the server to a requesting client uses the client’s MAC address as an identifier. Without putting a packet sniffer on the link, it’s not easy to tell. But it is DHCP traffic.
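The check described in the post above, as an added example that is not part of the original thread: a parser for the UDP payload of a DHCP reply that reports the message type (option 53), the server identifier (option 54) and the client MAC it is addressed to, so a captured port 67 to port 68 packet can be compared with the DHCP server shown by ipconfig /all. The sample packet, its addresses and the `classify` helper are constructed for illustration.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}
HEADER = "!BBBBIHH4s4s4s4s16s"  # op..chaddr, 44 bytes; sname/file (192 bytes) follow

def parse_dhcp(payload: bytes) -> dict:
    """Parse the UDP payload of a DHCP packet (server port 67 -> client port 68)."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    op, _, hlen, _, xid, _, flags, _, yiaddr, _, _, chaddr = struct.unpack(
        HEADER, payload[:44])
    info = {"reply": op == 2, "xid": xid,
            "broadcast_flag": bool(flags & 0x8000),   # client asked for broadcast replies
            "offered_ip": socket.inet_ntoa(yiaddr),
            "client_mac": chaddr[:min(hlen, 16)].hex(":"),
            "msg_type": None, "server_id": None}
    i = 240
    while i < len(payload) and payload[i] != 255:     # 255 = end option
        if payload[i] == 0:                           # 0 = pad, no length byte
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            break                                     # truncated option, stop parsing
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if code == 53 and length == 1:                # DHCP message type
            info["msg_type"] = MSG_TYPES.get(value[0], f"unknown({value[0]})")
        elif code == 54 and length == 4:              # server identifier
            info["server_id"] = socket.inet_ntoa(value)
        i += 2 + length
    return info

def classify(info: dict, my_mac: str, lease_server: str) -> str:
    """Hypothetical helper: compare a reply with this host's MAC and lease server."""
    if info["server_id"] != lease_server:
        return "reply from a different DHCP server than the lease shows"
    if info["client_mac"] != my_mac.lower():
        return "reply from the lease's server, addressed to another client"
    return "reply from the lease's server to this host"

def sample_offer() -> bytes:
    """Constructed sample: a broadcast DHCPOFFER from 10.0.0.1 (made-up values)."""
    header = struct.pack(HEADER, 2, 1, 6, 0, 0x1234ABCD, 0, 0x8000, bytes(4),
                         socket.inet_aton("203.0.113.25"), bytes(4), bytes(4),
                         bytes.fromhex("001122334455") + bytes(10))
    options = bytes([53, 1, 2, 54, 4]) + socket.inet_aton("10.0.0.1") + b"\xff"
    return header + bytes(192) + MAGIC + options
```

The payload bytes would come from a packet capture of the logged traffic; `my_mac` and `lease_server` are the Physical Address and DHCP Server fields from ipconfig /all.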

I thought so too.
But I was expecting 192.168.x.x instead of 10.x.x.x.

I’m just afraid that a hacker would take advantage of this.

So it’s safe to allow these I assume?

The 10… address and the 192.168… addresses are both IANA reserved address spaces. Do you use a router? If so, what are the settings for its DHCP function? If you don’t have a router, are you on a cable network?

Run ipconfig /all from a command prompt; it’ll tell you your DHCP server address.

I’m not with a router, only a cable modem. And I have no network at home.

And I ran ipconfig /all, and those 10.x.x.x addresses blocked are not the DHCP server address.

Michael, your cable network uses the 10… address. Ports 67 and 68 are for DHCP. If you want to post here or PM me a screenshot of your ipconfig, I’ll be able to see what’s what.

Thank you, I really appreciate your being willing to take a look. Sorry about the delay.

Ipconfig /all screen

CIS log screen

Btw, how do you turn off NetBIOS? I’m aware it poses a security risk.

Hi Michael,

Well, your DHCP server is 10.255.9.176, which confirms my suspicions. The entries in the log are related to the same network and are likely servers at your ISP, although the configuration is a little strange. I’m pretty sure that if you ran a tracert to 10.24.0.1 it would be a single or perhaps a double hop.

The easiest thing to do is phone your ISP and ask them what these addresses relate to. As I said before, these are all part of the 10… private address space; they are not valid Internet addresses.

To disable NetBIOS, open the properties of your network adapter, select /Networking/Internet Protocol v 4/Properties/Advanced/WINS

Then select Disable NetBIOS over TCP/IP

Hmm, I called my ISP call center some time ago; the lady on the phone told me that they are not using such addresses for any purpose whatsoever. :o

I know these addresses are private addresses just like the 192.168.x.x.

But I’m concerned, since CIS logged one of those 10.x.x.x as sending me an ICMP intrusion attempt to my internet address instead of the usual 255.255.255.255 broadcast, which indicates there’s a man behind those private addresses instead of just a machine.

Thank you, I’ve disabled NetBIOS now.

Curious. Did the lady at the ISP say they weren’t using the 10… address at all, or just the 10.24…?

Do you have the capture of the ICMP event?

The lady was saying they never use 10.anything. Could she be mistaken?

I don’t have that ICMP intrusion log capture.

The lady was saying they never use 10.anything. Could she be mistaken?

In the ipconfig screen shot you posted the DHCP server is 10.255.9.176. So unless your cable modem is acting as a DHCP server, I’d say she may be incorrect.

I don't have that ICMP intrusion log capture.

That’s a shame, it would have been nice to know which ICMP message you were getting. By the way, on the subject of ICMP messages, it doesn’t require human intervention to generate these; in fact, the majority of ICMP messages are generated automatically.

Yes, I’m hoping that she was wrong.

Thank you for the enlightenment on the ICMP.