Discussion in 'other firewalls' started by caspian, Jun 10, 2008.
Zone Alarm wanted to connect to 255.255.255.255 DHCP. Does anyone know what that means?
That's your ISP's subnet mask; it's perfectly normal and OK, so allow it.
255.255.255.255 is the broadcast address of the sub-network with CIDR class 24.
When a computer sends a packet to this address, it is distributed to all other computers on the same grid.
For DHCP, this is an essential part of the DHCP session:
Stage 1: DHCP discovery, the host sends a UDP packet from local port 68 to port 67, on the broadcast address.
Stage 2: DHCP offer, only machines that listen on port 67 will respond to this packet, namely the DHCP server; if configured to accept packets from the particular host, the server will acknowledge the host.
Without going into details, this includes checking the existing IP lease etc...
Stage 3: DHCP request, the computer that sent the first packet will now receive the offer and if it finds it suitable, it will send another broadcast, asking for any remaining info that the DHCP server should deliver.
Stage 4: DHCP acknowledgement, the server will send the remaining info to the host, including additional data, like the DNS server, NTP server etc...
In your case:
Your host is trying to contact the DHCP server. You should allow it, so that your machine can resume having its IP address.
You may consider creating an advanced rule, so instead of broadcasting, you will send DHCP packets only to a specific server, in order to prevent possible rogue servers on the grid etc...
Source: local port 68, local IP address; destination: remote port 67, server IP address (ask your ISP); protocol UDP.
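The four-stage exchange and the "specific server only" rule from the post above, as an added example that is not part of the original thread: it reads the DHCP message type (option 53) and server identifier (option 54) from a UDP payload and flags server replies that do not come from an allowlisted server. The function names, the address 192.168.1.1 and the sample packets are constructed for illustration, and it assumes no DHCP relay agent sits between client and server.

```python
import socket

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie, follows the 236-byte BOOTP header
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def parse_dhcp(payload):
    """Return (message type name, server identifier or None) for a UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i, found = payload[240:], 0, {}
    while i < len(opts) and opts[i] != 255:       # option 255 ends the list
        if opts[i] == 0:                          # option 0 is padding, no length byte
            i += 1
            continue
        if i + 2 > len(opts) or i + 2 + opts[i + 1] > len(opts):
            raise ValueError("truncated option")
        code, length = opts[i], opts[i + 1]
        found[code] = opts[i + 2:i + 2 + length]
        i += 2 + length
    raw_type, raw_sid = found.get(53), found.get(54)
    mtype = TYPES.get(raw_type[0], "UNKNOWN") if raw_type else "UNKNOWN"
    server = socket.inet_ntoa(raw_sid) if raw_sid and len(raw_sid) == 4 else None
    return mtype, server

def check(src_ip, src_port, dst_port, payload, allowed_servers):
    """Classify one packet as 'ok', 'rogue-server' or 'unexpected-ports'."""
    mtype, server = parse_dhcp(payload)
    if mtype in ("OFFER", "ACK", "NAK"):          # server-to-client stages
        if (src_port, dst_port) != (67, 68):
            return "unexpected-ports"
        # Assumption: no relay agent, so source IP and option 54 both name the server.
        if src_ip not in allowed_servers or server not in allowed_servers:
            return "rogue-server"
    elif (src_port, dst_port) != (68, 67):        # client-to-server stages
        return "unexpected-ports"
    return "ok"

def build(mtype, server_id=None):
    """Constructed sample: zeroed BOOTP header plus options 53 and 54."""
    opts = bytes([53, 1, mtype])
    if server_id:
        opts += bytes([54, 4]) + socket.inet_aton(server_id)
    return bytes(236) + MAGIC + opts + b"\xff"

if __name__ == "__main__":
    allowed = {"192.168.1.1"}                     # constructed allowlist
    print(check("0.0.0.0", 68, 67, build(1), allowed))
    print(check("192.168.1.66", 67, 68, build(2, "192.168.1.66"), allowed))
```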
Thanks guys for explaining this.
Didn't I just say that, without getting all excited about it?
Actually no ...
You said: That's your ISP's subnet mask ...
Which is not correct in this case. 255.255.255.255 will work on any /24 class network, regardless of the ISP, even if there is none.
The subnet class for the ISP will probably be something like /16 or even less.
The question here is: should one allow broadcasts related to DHCP; for all practical purposes, the DHCP server can be another machine on the LAN or the router.
Personal example: my LAN machines broadcast on 255.255.255.255, but they only see the router's internal network interface. They have no idea an ISP even exists.
Broadcasting means sending data to the broadcast address, which is usually the last IP in the range, which results in all hosts on the network being contacted simultaneously.
I stand corrected, then.
MRK went crazy in his explanation!