[Important Security Notice] Fake Qfinder Pro Websites Detected. Learn more >
Search

Why are there frequent captured and denied packets from source IP address 0.0.0.0 to destination IP 255.255.255.255?

Last modified date: 2024-10-14

Applicable Products

Applications

QuFirewall 2.4.2 and later

Scenario

Analysis of captured network traffic reveals a frequent occurrence of packets with unusual source IP addresses originating from source IP address 0.0.0.0 and destination IP address 255.255.255.255. Additionally, the Denied IP Analysis page identifies several rejected packets originating specifically from 0.0.0.0.

DHCP Discovery and Broadcast Packets

Within a network segment, the Dynamic Host Configuration Protocol (DHCP) plays a crucial role in automatically assigning IP addresses and other configuration settings to devices. During the initial stages of DHCP operation, client devices typically transmit DHCP discovery packets. These packets utilize a broadcast mechanism, meaning they are sent to all devices on the network segment using the destination IP address of 255.255.255.255. Notably, the source IP address in these discovery packets is often set to 0.0.0.0. This specific address serves as a placeholder, indicating that the device's IP address is not yet assigned.

The broadcast packets associated with DHCP discovery typically use the User Datagram Protocol (UDP). The communication between DHCP clients and servers commonly occurs on UDP ports 67 (DHCP client) and 68 (DHCP server).

Reasons for Generation of DHCP Discovery Packets

DHCP discovery packets are typically generated in the following scenarios:

  • Device startup: Upon initialization or restart, client devices (e.g., computers, phones, network printers) will often broadcast DHCP discovery packets to acquire an IP address and associated network configuration parameters.
  • Network onboarding: When a device is newly introduced to a network segment (e.g., via Ethernet cable or Wi-Fi connection), it may initiate DHCP discovery to obtain a suitable IP address.
  • Lease expiry: Following the expiration of a previously acquired DHCP lease, a client device may re-initiate the process by transmitting DHCP discovery packets to renew or obtain a new IP address.
  • Manual DHCP request: In specific scenarios, network administrators or users might manually trigger the transmission of DHCP discovery packets. This can occur during network configuration adjustments or when requesting a new IP address allocation.

Solution

If a significant number of captured and rejected packets with these specific source IPs are causing unwanted notifications or overloading logs, it's advisable to adjust your firewall profile settings to allow the creation or modification of a rule that permits traffic with the following characteristics:

  • Source IP address: 0.0.0.0
  • Destination IP address: 255.255.255.255
  • Protocol: UDP
  • Ports: 67 (source) and 68 (destination)

By enabling DHCP packet filtering with these specific criteria, you can optimize QuFirewall to focus on capturing and analyzing more critical network traffic, reducing the volume of captured DHCP discovery packets and associated notifications or log entries.

  1. Open QuFirewall.
    The Firewall Profiles page appears.
  2. Identify the firewall profile to modify.
  3. Click.
    The Edit Rule window appears.
  4. Select next to DHCP packets in the IPv4 Rules page.
  5. Click Apply.
    QuFirewall applies the profile settings and the Edit Rule window closes.

Was this article helpful?

Yes. No.
92% of people think it helps.
Thank you for your feedback.

Please tell us how this article can be improved:

If you want to provide additional feedback, please include it below.

Choose specification

      Show more Less
      Choose Your Country or Region
      open menu
      back to top