[SC-Help] Re: Inbound UDP
Ellen
nobody at spamcop.net
Tue Oct 25 09:03:28 EDT 2005
"Fred K." <96q7vwa02 at sneakemail.com> wrote in message
news:djk46j$559$1 at news.spamcop.net...
> I got this and am wondering what to do besides nothing.
>
>
> 10/24/2005 2:11:55 PM,"Rule ""Default Block Bla Trojan horse"" blocked
> (169.254.249.73,1042).","Rule ""Default Block Bla Trojan horse"" blocked
> (169.254.249.73,1042). Inbound UDP packet. Local address,service is
> (localhost,1042). Remote address,service is (169.254.249.73,1042). Process
> name is ""N/A""."
>
> NetRange: 169.254.0.0 - 169.254.255.255
> CIDR: 169.254.0.0/16
> NetName: LINKLOCAL
> NetHandle: NET-169-254-0-0-1
> Parent: NET-169-0-0-0-0
> NetType: IANA Special Use
> NameServer: BLACKHOLE-1.IANA.ORG
> NameServer: BLACKHOLE-2.IANA.ORG
> Comment: Please see RFC 3330 for additional information.
> RegDate: 1998-01-27
> Updated: 2002-10-14
>
> Is Blackhole compromised? What significance does ",1042" at the end of the IP
> have?
>
FWIW :
"Also, the 169.254 address space is a link local block that is mainly
used by DHCP clients that cannot find a DHCP server. As a last resort,
they issue themselves a random number from the 169.254 space. Recent
versions of Windows and the Mac OS do this. It lets you plug a bunch
of computers into a bunch of cable and create a LAN without any
configuration at all. They will all end up on the same address space
and will be able to talk to each other, even though they can't reach
the outside world. You could configure your home network to use
this space (that's perfectly legitimate: it's what that block is for),
unless your ISP is so incompetent that they even route that address
block -- and it appears that some do.
The 169.254 address space should not be routed at all, not even
internally within a network. So anyone seeing packets from that
address space should be able to assume that someone has installed
a new computer on their LAN, and it was unable to find a DHCP
server. If you are seeing 169.254 addresses coming from outside your
personal LAN, your ISP is running a broken (and insecure)
network."
http://lists.sans.org/pipermail/list/2001-July/000703.html

Ellen
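
An added example, not part of the original post or of the quoted SANS message: a small triage script that parses a firewall alert in the format quoted above, separates the address from the service (port) number after the comma, and classifies the remote address with Python's standard `ipaddress` module. The sample line is constructed from the quoted alert; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the format of the firewall alert quoted in the post.
SAMPLE = ('Inbound UDP packet. Local address,service is (localhost,1042). '
          'Remote address,service is (169.254.249.73,1042). Process name is "N/A".')

ENDPOINT = re.compile(r'(Local|Remote) address,service is \(([^,()]+),(\d+)\)')
PACKET = re.compile(r'(Inbound|Outbound) (UDP|TCP) packet')

def parse_alert(text):
    """Return direction, protocol and the (host, port) pair for each side."""
    m = PACKET.search(text)
    if not m:
        raise ValueError("no packet description found")
    info = {"direction": m.group(1).lower(), "protocol": m.group(2)}
    for side, host, port in ENDPOINT.findall(text):
        info[side.lower()] = (host, int(port))
    return info

def classify(host):
    """Name the address class of a host string; hostnames are reported as such."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"
    if ip.is_link_local:
        return "link-local"      # 169.254.0.0/16 (or fe80::/10 for IPv6)
    if ip.is_loopback:
        return "loopback"
    if ip.is_private:
        return "private"
    return "public"

def triage(text):
    """Summarise an alert: who sent it, on which port, and what that implies."""
    info = parse_alert(text)
    host, port = info["remote"]
    kind = classify(host)
    note = ("self-assigned address: sender is on the local link and found no DHCP server"
            if kind == "link-local" else "not a link-local sender")
    return {"remote_host": host, "remote_port": port, "class": kind, "note": note}

if __name__ == "__main__":
    print(triage(SAMPLE))
```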