From owner-freebsd-questions  Tue Oct 24 18: 4: 5 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from frontier.netnology.com.au (frontier.netnology.com.au [203.33.30.19])
	by hub.freebsd.org (Postfix) with ESMTP id 2A4AB37B479
	for <questions@freebsd.org>; Tue, 24 Oct 2000 18:03:59 -0700 (PDT)
Received: from dogbolter ([203.33.30.209])
	by frontier.netnology.com.au (8.8.7/8.8.7) with SMTP id KAA02029
	for <questions@freebsd.org>; Wed, 25 Oct 2000 10:27:36 +0800
From: "Craig Beasland" <craig@hotmix.com.au>
To: <questions@freebsd.org>
Subject: Possible network attack
Date: Wed, 25 Oct 2000 09:08:54 +0800
Message-ID: <B1471D5DCC74D4119444004005E23A2001CEA5@CORONA>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Importance: Normal
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hi there,

This morning I received an email from someone in nz suggesting that may
system may have been breached, based on some entries in his firewall log.
There are about 100 of these message he sent back to me, but I have no idea
what the problem may be.  The system is running

This machine runs userland ppp -ddial -alias for its internet connection and
ipfw with an open policy.

cheers
craig

8:02:44 drop   trex-public >qfe0 proto icmp src kipco.mydomain.com.au dst
95-127.team.xtra.co.nz rule 64 icmp-type 8 icmp-code 0
 8:02:44 drop   trex-public >qfe0 proto icmp src kipco.mydomain.com.au dst
95-126.team.xtra.co.nz rule 64 icmp-type 8 icmp-code 0
 8:02:44 drop   trex-public >qfe0 proto icmp src kipco.mydomain.com.au dst
95-125.team.xtra.co.nz rule 64 icmp-type 8 icmp-code 0
 8:02:44 drop   trex-public >qfe0 proto icmp src kipco.mydomain.com.au dst
95-124.team.xtra.co.nz rule 64 icmp-type 8 icmp-code 0
 8:02:44 drop   trex-public >qfe0 proto icmp src kipco.mydomain.com.au dst
95-123.team.xtra.co.nz rule 64 icmp-type 8 icmp-code 0
 8:02:44 drop   trex-public >qfe0 proto icmp src kipco.mydomain.com.au dst
95-122.team.xtra.co.nz rule 64 icmp-type 8 icmp-code 0
 8:02:44 drop   trex-public >qfe0 proto icmp src kipco.mydomain.com.au dst
95-121.team.xtra.co.nz rule 64 icmp-type 8 icmp-code 0



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message