Date: Mon, 24 Jul 2000 10:25:39 -0500 From: "Daryl Chance" <dchance@valuedata.net> To: "FreeBSD IPFW" <freebsd-ipfw@freebsd.org> Subject: Thanks and a Question Message-ID: <001b01bff583$6c8464c0$0200000a@development1>
next in thread | raw e-mail | index | archive | help
Hello, Thanks for the help on the firewall rules last friday, I wound up following a link from someones .sig and modified the FW rules on www.mostgraveconcern.com, thanks whoever (sorry, don't have the email anymore). Now, onto the question. I came in this morning and checked my security file and noticed the following entry: Jul 23 05:36:53 xxxx /kernel: ipfw: 400 Deny UDP 10.0.0.7:137 24.95.125.205:137 in via rl0 Jul 23 05:36:55 xxxx /kernel: ipfw: 400 Deny UDP 10.0.0.7:137 24.95.125.205:137 in via rl0 Jul 23 05:36:56 xxxx /kernel: ipfw: 400 Deny UDP 10.0.0.7:137 24.95.125.205:137 in via rl0 this someone trying to "forge" or "spoof" (sorry, not familiar with the terminology) an internal packet from an outside interface?. Is there anyway to log the actual ip, or not since it's been spoofed :). btw, whats special about 137? I know it's something specific to windows (at least IIRC). Thanks, Daryl Chance To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?001b01bff583$6c8464c0$0200000a>