From owner-freebsd-security Fri Jun 16 14:16:23 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mail.wolves.k12.mo.us (mail.wolves.k12.mo.us [207.160.214.1])
    by hub.freebsd.org (Postfix) with ESMTP id A2E2D37C09E
    for ; Fri, 16 Jun 2000 14:16:19 -0700 (PDT)
    (envelope-from cdillon@wolves.k12.mo.us)
Received: from mail.wolves.k12.mo.us (cdillon@mail.wolves.k12.mo.us [207.160.214.1])
    by mail.wolves.k12.mo.us (8.9.3/8.9.3) with ESMTP id QAA46804;
    Fri, 16 Jun 2000 16:16:08 -0500 (CDT)
    (envelope-from cdillon@wolves.k12.mo.us)
Date: Fri, 16 Jun 2000 16:16:08 -0500 (CDT)
From: Chris Dillon
To: Mike Tancsa
Cc: Ian Smith , freebsd-security@FreeBSD.ORG
Subject: Re: ipfw log entry
In-Reply-To: <3.0.5.32.20000616161818.0284a960@marble.sentex.ca>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, 16 Jun 2000, Mike Tancsa wrote:

> At 05:14 AM 6/17/00 +1000, Ian Smith wrote:
> >As I mentioned to John, this host is res6.geocities.com. We see these
> >here usually in big batches, perhaps about once a month on average, eg:
> >
> >May 22 18:14:39 gaia /kernel:
> > ipfw: 65000 Count TCP 209.1.224.16 203.41.52.xxx in via tun0 Fragment = 147
>
> I thought I recognized that IP address...
>
> ipfw: -1 Refuse TCP 209.1.224.16 206.130.91.146 in via fxp2 Fragment = 147
> ipfw: -1 Refuse TCP 209.1.224.16 206.130.91.146 in via fxp2 Fragment = 147
>
> Sheesh! We lots of this in our logs as well.

Ditto. I get these quite often.

ipfw: -1 Refuse TCP 209.1.224.16 207.160.214.253 in via fxp7 Fragment = 147
ipfw: -1 Refuse TCP 209.1.224.16 207.160.214.253 in via fxp7 Fragment = 147
ipfw: -1 Refuse TCP 209.1.224.16 207.160.214.253 in via fxp7 Fragment = 147

Anyone figured out what/who this is yet?

--
Chris Dillon - cdillon@wolves.k12.mo.us - cdillon@inter-linc.net
FreeBSD: The fastest and most stable server OS on the planet.
For Intel x86 and Alpha architectures.
( http://www.freebsd.org )