What is this?

Discussion in 'other firewalls' started by caspian, Jun 10, 2008.

Thread Status:
Not open for further replies.
  1. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Zone Alarm wanted to connect to 255.255.255.255DHCP. Does anyone know what that mean?
     
  2. DVD+R

    DVD+R Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    1,979
    Location:
    The Antipodes
    Thats your ISP's Subnet mask, its perfectly normal and ok, so Allow it :)
     
  3. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Hello,

    255.255.255.255 is the broadcast address of the sub-network with CIDR class 24.

    When a computer sends a packet to this address, it is distributed to all other computers on the same grid.

    For DHCP, this is an essential part of the DHCP session:

    Stage 1: DHCP discovery, the host sends a udp packet from local port 68 to port 67, on broadcast address.

    Stage 2: DHCP offer, only machines that listen on port 67 will respond to this packet, namely the DHCP server; if configured to accept packets from the particular host, the server will acknowledge the host.

    Without going into details, this includes checking the existing IP lease etc...

    Stage 3: DHCP request, the computer that sent the first packet will now receive the offer and if it finds it suitable, it will send another broadcast, asking for any remaining info that the DHCP server should deliver.

    Stage 4: DHCP acknowledgement, the server will send the remaining info to the host, including additional data, like the dns server, ntp server etc...

    In your case:
    Your host is trying to contact the DHCP server. You should allow it, so that your machine can resume having its IP address.

    You may consider creating an advanced rule, so instead of broadcasting, you will send dhcp packets only to specific server, in order to prevent possible rogue servers on the grid etc...

    Advanced rule:

    source: local port 68, local IP address, destination: remote port 67, server IP address (ask your ISP), protocol udp.

    Mrk
     
  4. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Thanks guys for explaining this.
     
  5. DVD+R

    DVD+R Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    1,979
    Location:
    The Antipodes

    Didnt I just say that, without getting All excited about it :D :p :cool: ;)
     
  6. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Hello,

    Actually no ...

    You said: Thats your ISP's Subnet mask ...

    Which is not correct in this case. 255.255.255.255 will work on any /24 class network, regardless of the ISP, even if there is none.

    The subnet class for the ISP will probably be something like /16 or even less.

    The question here is: should one allow broadcasts, related to dhcp; for all practical purposes, the dhcp server can be another machine on the lan or the router.

    Personal example, my lan machines broadcast on 255.255.255.255, but they only see the router's internal network interface. They have no idea an ISP even exists.

    Broadcasting means sending data to broadcast address, which is usually the last IP in the range, which results in all hosts on the network being contacted simultaneously.

    Mrk
     
  7. DVD+R

    DVD+R Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    1,979
    Location:
    The Antipodes
    I stand corrected then :blink:
     
  8. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    MRK went crazy in his explanation! o_O
     
Loading...
Thread Status:
Not open for further replies.