Vulnerability Development: Cisco 677 oddity: Broadcasting to port 1999

From: Chris vuln-dev <chris_at_STORNER.DK>
Date: Wed, 9 Aug 2000 08:49:34 +0200

I don't know if this can be used for anything, but it is a bit
puzzling anyway.

My ADSL connection uses a Cisco 677 router, running the CBOS
(Cisco Broadband OS). During a recent service outage, I noticed
something peculiar: The router broadcasts for other Cisco routers
when the WAN link goes down, using the well-known Cisco identification
port 1999.

(See http://www.geek-girl.com/bugtraq/1999_1/0226.html for the
story about Cisco's use of port 1999).

Here's how it looked on my Linux box, which handles syslog for the
router, and has ipchains firewalling rules set up:

Aug 8 05:14:46 adsl-router 087:20:22:36 PPP Info PPP Down Event on wan0-0
Aug 8 05:21:19 adsl-router 087:20:29:09 ATM Info WAN 0 physical layer is down
Aug 8 05:21:20 adsl-router 087:20:29:09 COMMANDER Info WAN 0 physical layer is down
Aug 8 05:21:20 osiris kernel: Packet log: input - eth1 PROTO=17 192.168.1.1:1999 255.255.255.255:1999 L=94 S=0x00 I=4136 F=0x4000 T=1 (#23)

192.168.1.1 is the adsl-router. I did not know that Cisco also uses
UDP port 1999, but apparently they do.

Now, the interesting thing of course is: What would have happened if
there was actually another Cisco router present that would answer to
this broadcast? Would my ADSL router start sending traffic to the
other router, or what is the purpose of this broadcast?

Chris
Received on Aug 09 2000
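
A detection sketch for the pattern in the log above, added here as an example and not part of the original post: it parses the ipchains packet-log line and reports UDP limited-broadcast packets to port 1999, with the number of seconds since the last link-down message. The function name, the field names in the result and the year default are assumptions of this example.

```python
import re
from datetime import datetime

# The four log lines from the post (syslog omits the year; 2000 is taken from the post's date).
SAMPLE = """\
Aug 8 05:14:46 adsl-router 087:20:22:36 PPP Info PPP Down Event on wan0-0
Aug 8 05:21:19 adsl-router 087:20:29:09 ATM Info WAN 0 physical layer is down
Aug 8 05:21:20 adsl-router 087:20:29:09 COMMANDER Info WAN 0 physical layer is down
Aug 8 05:21:20 osiris kernel: Packet log: input - eth1 PROTO=17 192.168.1.1:1999 255.255.255.255:1999 L=94 S=0x00 I=4136 F=0x4000 T=1 (#23)
"""

STAMP = re.compile(r"^(\w{3})\s+(\d+) (\d\d:\d\d:\d\d) (\S+) (.*)$")
# ipchains packet log: chain, target, interface, protocol, src:port, dst:port, L=length ... T=ttl
PKT = re.compile(
    r"Packet log: (\S+) (\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<len>\d+) .*?T=(?P<ttl>\d+)")
DOWN = ("PPP Down Event", "physical layer is down")  # link-down messages seen in the post


def broadcasts_to_port(text, port=1999, year=2000):
    """Return UDP limited-broadcast packets to `port`, each with seconds since the last link-down."""
    last_down, hits = None, []
    for line in text.splitlines():
        m = STAMP.match(line)
        if not m:
            continue
        mon, day, clock, _host, msg = m.groups()
        ts = datetime.strptime(f"{year} {mon} {day} {clock}", "%Y %b %d %H:%M:%S")
        if any(s in msg for s in DOWN):
            last_down = ts
            continue
        p = PKT.search(msg)
        if not p or p["proto"] != "17":  # 17 = UDP
            continue
        if p["dst"] != "255.255.255.255" or int(p["dport"]) != port:
            continue
        hits.append({
            "time": ts, "iface": p["iface"], "src": p["src"], "sport": int(p["sport"]),
            "length": int(p["len"]), "ttl": int(p["ttl"]),
            "after_down_s": (ts - last_down).total_seconds() if last_down else None,
        })
    return hits


if __name__ == "__main__":
    for h in broadcasts_to_port(SAMPLE):
        print(h)
```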
