About every 2s, I get 4 x "Deny src_ip=0.0.0.0 dst_ip=0.0.0.0 pr=67/udp"

edited June 2020 in Firebox - Hardware

About every 2 seconds, I get the following on my second external port:
(It repeats 4 times)

"Deny src_ip=0.0.0.0 dst_ip=0.0.0.0 pr=67/udp src_port=0 dst_port=0 src_intf=2-External-2 dst_intf=Firebox msg=Denied pckt_len=328 ttl=128 policy=(Unhandled External Packet-00) proxy_action= proc_id="firewall" rc="101" msg_id="3000-0148" Traffic"

ATT happens to be the provider, if it matters.

Note: Ethernet Interface 0 has Spectrum as the provider and I do not get these errors/denial messages like this on that interface.

It looks like DHCP, but the interface (interface 2) is set up as a static.

Please let me know your thoughts.

Thank you for your time.

Answers

  • james.carson Moderator, WatchGuard Representative

    Hi @Logan5

    Port 67 is part of BOOTP or DHCP, and is likely the ISP replying to DHCP requests elsewhere on their network. There may be DHCP clients somewhere on the network.

    The firewall is denying it -- so it's being dropped at the firewall. Unless it's for some reason being allowed, there's nothing to worry about here.

    If you'd like the traffic to stop, you'll need to contact your ISP and ask them to filter it before it gets to your firewall.

    -James Carson
    WatchGuard Customer Support

  • To stop seeing these in Traffic Monitor - you can add a DHCP-Server policy, From: External-2 To: Firebox, set it to Denied, and unselect Logging.
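
Before silencing these messages, it helps to confirm that the denies on that interface really are all BOOTP/DHCP and that nothing else is buried among them. The script below is an added example, not part of the original thread and not WatchGuard code: it parses the key=value log format quoted in the question and separates port 67/68 UDP denies from all other denies. The function names, the two extra log lines and the policy name HTTPS-00 are constructed for illustration.

```python
import re
from collections import Counter

# key=value pairs; a value may be "quoted", (parenthesised, with spaces), bare or empty
FIELD = re.compile(r'(\w+)=("[^"]*"|\([^)]*\)|\S*)')
BOOTP = {"67/udp", "68/udp"}  # BOOTP/DHCP server and client ports

# The message quoted in the question, verbatim
PAGE_LINE = ('"Deny src_ip=0.0.0.0 dst_ip=0.0.0.0 pr=67/udp src_port=0 dst_port=0 '
             'src_intf=2-External-2 dst_intf=Firebox msg=Denied pckt_len=328 ttl=128 '
             'policy=(Unhandled External Packet-00) proxy_action= proc_id="firewall" '
             'rc="101" msg_id="3000-0148" Traffic"')
# Constructed lines in the same shape (documentation addresses, hypothetical policy name)
SAMPLE = [PAGE_LINE] * 4 + [
    'Deny src_ip=203.0.113.9 dst_ip=198.51.100.2 pr=23/tcp src_port=40112 dst_port=23 '
    'src_intf=2-External-2 dst_intf=Firebox msg=Denied '
    'policy=(Unhandled External Packet-00) proc_id="firewall" Traffic',
    'Allow src_ip=10.0.1.20 dst_ip=198.51.100.7 pr=443/tcp src_port=51000 dst_port=443 '
    'src_intf=1-Trusted dst_intf=0-External msg=Allowed policy=(HTTPS-00) Traffic',
]

def parse(line):
    """Return (disposition, fields) for one traffic log message."""
    line = line.strip().strip('"')
    disposition = line.split(" ", 1)[0]  # "Deny" or "Allow"
    fields = {k: v.strip('"()') for k, v in FIELD.findall(line)}
    return disposition, fields

def triage(lines):
    """Count Deny events, separating BOOTP/DHCP noise from everything else."""
    noise, other = Counter(), Counter()
    for line in lines:
        disposition, f = parse(line)
        if disposition != "Deny":
            continue
        key = (f.get("src_intf"), f.get("pr"), f.get("policy"))
        (noise if f.get("pr") in BOOTP else other)[key] += 1
    return noise, other

if __name__ == "__main__":
    noise, other = triage(SAMPLE)
    for label, counts in (("BOOTP/DHCP noise", noise), ("needs a look", other)):
        for (intf, pr, policy), n in counts.items():
            print(f"{label}: {n} x {pr} on {intf} via {policy}")
```

If the second counter is empty for the interface, a deny policy with logging switched off hides only the DHCP chatter; if it is not, those remaining denies are the ones to review first.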
