
Stop Port 67 and 68 from Broadcasting 1

Status
Not open for further replies.

dfin

MIS
Feb 7, 2003
11
CA
How do I stop ports 67 and 68 from broadcasting?
 
Without more info, here's a quick explanation.

DHCP uses ports 67 (server) and 68 (client). They are UDP broadcasts by design. The only way to stop that would be to remove the DHCP server from your network and statically assign IP addresses.
 
A DHCP server listens on UDP port 67. Whenever a client needs a dynamically configured IP address, it sends a DHCPDISCOVER packet to port 67 from port 68. Because the client does not have an IP address yet, this must be an IP broadcast packet (meaning sent to IP address 255.255.255.255). The server should be the only system listening to that port and will respond with a DHCPOFFER packet. This packet contains dynamic IP information and is sent to the client coming from port 67 to the client's port 68 (where the client is listening for any reply).

The client will respond with a DHCPREQUEST packet that basically says "I would like to use the IP address you gave me" to the server. The server then replies with a DHCPACK packet that informs the client it can use the IP address for a given amount of time (lease time) and with other IP information, like default gateways, DNS servers, etc. At that point the client closes port 68. The DHCP server has to leave port 67 open to answer other clients' requests.
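Added example (not part of the original post): a small Python parser that classifies the DHCP messages described above from a UDP payload and its port pair, which is the kind of check that tells you what a firewall is actually dropping on ports 67/68. The payloads, MAC address, transaction ID and the 192.0.2.50 address are constructed sample data, and the function names are made up for this example.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header
TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 5: "DHCPACK"}

def build(op, msg_type, yiaddr="0.0.0.0", lease=None):
    """Constructed sample payload: BOOTP header + option 53 (+ option 51)."""
    hdr = struct.pack("!BBBBIHH", op, 1, 6, 0, 0x1234ABCD, 0, 0x8000)  # broadcast flag set
    hdr += bytes(4) + bytes(int(o) for o in yiaddr.split(".")) + bytes(8)  # ciaddr, yiaddr, siaddr+giaddr
    hdr += bytes.fromhex("020000000001") + bytes(10) + bytes(192)          # chaddr, sname+file
    opts = bytes([53, 1, msg_type])
    if lease is not None:
        opts += bytes([51, 4]) + struct.pack("!I", lease)
    return hdr + MAGIC + opts + b"\xff"

def parse(payload, sport, dport):
    """Classify one UDP payload seen on ports 67/68."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    roles = {(68, 67): "client", (67, 68): "server"}
    info = {"sender": roles.get((sport, dport), "other"),
            "broadcast_flag": bool(struct.unpack("!H", payload[10:12])[0] & 0x8000),
            "yiaddr": ".".join(str(b) for b in payload[16:20]),
            "type": None, "lease": None}
    i = 240
    while i < len(payload) and payload[i] != 255:      # 255 = end option
        if payload[i] == 0:                            # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        if code == 53 and length == 1:                 # DHCP message type
            info["type"] = TYPES.get(value[0], "type %d" % value[0])
        elif code == 51 and length == 4:               # lease time in seconds
            info["lease"] = struct.unpack("!I", value)[0]
        i += 2 + length
    return info

def sample_exchange():
    """The four messages from the post, as (payload, source port, dest port)."""
    msgs = [(build(1, 1), 68, 67), (build(2, 2, "192.0.2.50", 86400), 67, 68),
            (build(1, 3), 68, 67), (build(2, 5, "192.0.2.50", 86400), 67, 68)]
    return [parse(p, s, d) for p, s, d in msgs]

if __name__ == "__main__":
    for m in sample_exchange():
        print(m)
```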
 
For some reason the DHCP server is constantly broadcasting (as well as the client) out to the WAN... any comments?
 
What kind of logical network configuration do you have?

A router should not let broadcasts go to another network. The only reason would be if you have a "helper address" that takes broadcasts from one network and turns them into unicasts on another network. But your DHCP server should not be continuously broadcasting - only answering requests.

Does your WAN link keep coming up or do you just notice a lot of traffic on the line?

If you give us some specifics as far as network config, hardware, etc., that should help diagnose the problem.
 
We have 4 WAN sites over a satellite link but each has its own separate DHCP server so no reason to be broadcasting out. The traffic we are seeing is showing on our firewall out to the WAN. We are also getting broadcasts from client computers as well. The reason I know this is b/c we have denied ports 67 & 68 on our firewall and so the broadcasts to the WAN are being denied.
 
It sounds like I have a similar situation. I apologize if I am stepping on your thread. If I am, please let me know and I will start a new one.

I am connected to the internet through a cable modem using DHCP. My firewall blocks everything except Internet Explorer. I also have smart DHCP enabled so my lease is renewed. I am having no lease renewal problems.

However, my firewall constantly blocks and logs incoming broadcast messages from two different IPs starting with 10. They come from port 67 and broadcast to port 68. I do not have any lease renewal problems so I don't see where it is necessary. Do you have any idea why a server would be broadcasting these? It appears earlier comments on this thread said the client does the broadcasting as opposed to the server.

Thanks for any input you can provide.

Chris.
 