From owner-freebsd-security  Sun Jul  9  1:14:15 2000
Delivered-To: freebsd-security@freebsd.org
Received: from ocis.ocis.net (ocis.ocis.net [209.52.173.1])
	by hub.freebsd.org (Postfix) with ESMTP id 838D437B54F
	for <freebsd-security@FreeBSD.ORG>; Sun,  9 Jul 2000 01:14:13 -0700 (PDT)
	(envelope-from vdrifter@ocis.ocis.net)
Received: from localhost (vdrifter@localhost)
	by ocis.ocis.net (8.9.3/8.9.3) with ESMTP id BAA20446
	for <freebsd-security@FreeBSD.ORG>; Sun, 9 Jul 2000 01:14:12 -0700
Date: Sun, 9 Jul 2000 01:14:12 -0700 (PDT)
From: John F Cuzzola <vdrifter@ocis.ocis.net>
To: freebsd-security@FreeBSD.ORG
Subject: Re: Firewall help
In-Reply-To: <20000708015002.5601.qmail@web213.mail.yahoo.com>
Message-ID: <Pine.LNX.4.21.0007090106390.20243-100000@ocis.ocis.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


Hi everyone, 
On a few occasions I get firewall log entries that look something like
this:
 
ipfw: 59000 Deny TCP 210.205.2.50:49088 255.255.255.255:80

My question is how does this happen? I mean I know 255.255.255.255 is the
network broadcast but how did I receive this entry? Does it mean the
source (210.205.2.50) scanned the entire class C network and the router
abbreviated the entry as destination 255.255.255.255 or is this a FreeBSD
logging abreviation for a range of ip's? (the entire network). Any
thoughts would be sincerely appreciated ...


(Ps: I'm using FreeBSD 4.0)




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message