From owner-freebsd-security Fri Jun 16 13:22:15 2000 Delivered-To: freebsd-security@freebsd.org Received: from wat-border.sentex.ca (waterloo-hespler.sentex.ca [199.212.135.66]) by hub.freebsd.org (Postfix) with ESMTP id C977137C426 for ; Fri, 16 Jun 2000 13:22:09 -0700 (PDT) (envelope-from mike@sentex.ca) Received: from granite.sentex.net (granite-atm.sentex.ca [209.112.4.1]) by wat-border.sentex.ca (8.9.3/8.9.3) with ESMTP id QAA86724; Fri, 16 Jun 2000 16:22:04 -0400 (EDT) (envelope-from mike@sentex.ca) Received: from simoeon (simeon.sentex.ca [209.112.4.47]) by granite.sentex.net (8.8.8/8.6.9) with SMTP id QAA03095; Fri, 16 Jun 2000 16:22:04 -0400 (EDT) Message-Id: <3.0.5.32.20000616161818.0284a960@marble.sentex.ca> X-Sender: mdtpop@marble.sentex.ca X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.5 (32) Date: Fri, 16 Jun 2000 16:18:18 -0400 To: Ian Smith From: Mike Tancsa Subject: Re: ipfw log entry Cc: freebsd-security@FreeBSD.ORG In-Reply-To: References: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 05:14 AM 6/17/00 +1000, Ian Smith wrote: >As I mentioned to John, this host is res6.geocities.com. We see these >here usually in big batches, perhaps about once a month on average, eg: > >May 22 18:14:39 gaia /kernel: > ipfw: 65000 Count TCP 209.1.224.16 203.41.52.xxx in via tun0 Fragment = 147 I thought I recognized that IP address... ipfw: -1 Refuse TCP 209.1.224.16 206.130.91.146 in via fxp2 Fragment = 147 ipfw: -1 Refuse TCP 209.1.224.16 206.130.91.146 in via fxp2 Fragment = 147 Sheesh! We lots of this in our logs as well. ---Mike ------------------------------------------------------------------------ Mike Tancsa, tel +1 519 651 3400 Sentex Communications mike@sentex.net Cambridge, Ontario Canada www.sentex.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message