On Wed, Dec 5, 2012 at 11:59 AM, Trevor Cordes <span dir="ltr">&lt;<a href="mailto:trevor@tecnopolis.ca" target="_blank">trevor@tecnopolis.ca</a>&gt;</span> wrote:<div><br><div class="gmail_extra"><div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">The packet is <a href="http://50.72.224.1:67" target="_blank">50.72.224.1:67</a> to <a href="http://255.255.255.255:68" target="_blank">255.255.255.255:68</a>, 308 bytes<br>
</blockquote><div><br></div><div>But is it to your MAC address or not? </div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">So my guess now is probably some nitwit has a DHCP server working the<br>

Shaw network side rather than their internal side?  Or maybe a<br>
deliberate hack attempt to hand out bogus IPs?<br></blockquote><div><br></div><div>The router is probably not the DHCP server, it&#39;s just the forwarder for a backend management system. My guess is that our AsustekC friend is making a request with a strange option 81 that&#39;s being blindly copied in the response and since DHCP is a broadcast at this point, you&#39;re seeing it.</div>
<div><br></div><div>Sean</div><div> </div></div><div><br></div>-- <br>Sean Walberg &lt;<a href="mailto:sean@ertw.com" target="_blank">sean@ertw.com</a>&gt;    <a href="http://ertw.com/" target="_blank">http://ertw.com/</a><br>

</div></div>