Date:      Fri, 16 Jun 2000 22:48:02 +0100
From:      Brian Somers <brian@Awfulhak.org>
To:        Chris Dillon <cdillon@wolves.k12.mo.us>
Cc:        Mike Tancsa <mike@sentex.ca>, Ian Smith <smithi@nimnet.asn.au>, freebsd-security@FreeBSD.org, brian@hak.lan.awfulhak.org, luigi@FreeBSD.org
Subject:   Re: ipfw log entry 
Message-ID:  <200006162148.WAA02840@hak.lan.Awfulhak.org>
In-Reply-To: Message from Chris Dillon <cdillon@wolves.k12.mo.us>  of "Fri, 16 Jun 2000 16:16:08 CDT." <Pine.BSF.4.20.0006161609060.46720-100000@mail.wolves.k12.mo.us> 

> On Fri, 16 Jun 2000, Mike Tancsa wrote:
> 
> > At 05:14 AM 6/17/00 +1000, Ian Smith wrote:
> > >As I mentioned to John, this host is res6.geocities.com.  We see these
> > >here usually in big batches, perhaps about once a month on average, eg: 
> > >
> > >May 22 18:14:39 gaia /kernel:
> > > ipfw: 65000 Count TCP 209.1.224.16 203.41.52.xxx in via tun0 Fragment = 147
> > 
> > I thought I recognized that IP address...
> > 
> > ipfw: -1 Refuse TCP 209.1.224.16 206.130.91.146 in via fxp2 Fragment = 147
> > ipfw: -1 Refuse TCP 209.1.224.16 206.130.91.146 in via fxp2 Fragment = 147
> > 
> > Sheesh! We see lots of this in our logs as well.
> 
> Ditto.  I get these quite often.
> 
> ipfw: -1 Refuse TCP 209.1.224.16 207.160.214.253 in via fxp7 Fragment = 147
> ipfw: -1 Refuse TCP 209.1.224.16 207.160.214.253 in via fxp7 Fragment = 147
> ipfw: -1 Refuse TCP 209.1.224.16 207.160.214.253 in via fxp7 Fragment = 147
> 
> Anyone figured out what/who this is yet?

It's a problem in the firewall code - I think because of assumptions 
about minimum lengths of packets.  I didn't figure this out, but I 
talked to luigi@ about it a couple of weeks ago.

> -- Chris Dillon - cdillon@wolves.k12.mo.us - cdillon@inter-linc.net
>    FreeBSD: The fastest and most stable server OS on the planet.
>    For Intel x86 and Alpha architectures. ( http://www.freebsd.org )

-- 
Brian <brian@Awfulhak.org>                        <brian@[uk.]FreeBSD.org>
      <http://www.Awfulhak.org>                    <brian@[uk.]OpenBSD.org>
Don't _EVER_ lose your sense of humour !



