Do I have somthing to worry about?

I'm running W2K advance server with Mcafee firewall software.  I found this line in the firewall logs was wondering if I need to be worried about it:

2001/08/02 12:14:41 AM: SERVICES port 68 (Bootp client) -  listening , lasting 61 second(s), 1200 bytes sent, 0 bytes received.

In my server logs, I found 12 different countries trying to get /default.ida.  I have all patches and hot fixes applied.  Any clues?

Also, how do I close port 68?
Stephen G
StephenGAsked:
Who is Participating?
 
DraakCommented:
there are two ports used for the bootp process on your server:
port 67 is used for the server requests. This means that any client requests for IP address from a dhcpserver enter that dhcpserver through port 67.

port 68 id used for the client requests. This means that if the Server gets an ip address from a dhcpserver, it will send the request through port 68 on to the network to a dhcpserver.

If your server receives an ip address from an ISP for the internet connection, then it sends this request for the ip address through port 68 to the dhcpserver of your ISP. If you close the port, then the server is unable to recieve an internet address, thus cutting your internet connection.

If you do not have any machine that need to receive an ip address  from a dhcpserver from across your firewall, you may close the port 68 and even the port 67.

closing port 67 prevents any client to send a request to your network from across the firewall.

closing port 68 prevents any of your client to send a request for ip to a dhcpserver acroos the firewall.

best regards

draak
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.