| Port No | 68 |
| Service Name | bootpclient |
| RFC Doc | 0 |
| Protocol | UDP |
| Description | DHCP Client, this used to query servers for network configuration information (IP address, network address, hostname, etc.) and other data such as Windows workgroup name, DNS server(s). |
| Reference Link | Port No:68 Service Name:bootpclient Protocol:UDP |
| Attack | Almost any dhcp traffic from or to external sources can be considered highly suspicious and likely represents an attack. Action: Firewall port 68 inbound and outbound where possible. DHCP traffic should not go beyond subnets, unless a dhcp relay is in use and then only the DHCP relay's traffic should be allowed. Most clients send DHCP requests as from the IP address 255.255.255.255 to the address 0.0.0.0 (in most cases they do not have an IP address currently). |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.