From: Sergei Gnezdov
Date: Wed, 13 Apr 2005 21:02:27 -0700
To: freebsd-questions@freebsd.org
Reply-To: sergei@gnezdov.net
Subject: Re: How to interpret ipfw log?
References: <1113426014.91701.18.camel@red.nativenerds.com>
User-Agent: slrn/0.9.8.1 (FreeBSD)
On 2005-04-13, Ed Stover wrote:
> On Tue, 2005-04-12 at 23:28 -0400, bob@a1poweruser.com wrote:
>> Your ipfw rule 2500 is denying those outbound packets
>> 192.168.0.200:65117 is your ip address: port number
>> 65.87.165.45:5800 is the remote target ip address and port number
>> and this is leaving your pc on NIC named tx0
>>
>> -----Original Message-----
>> From: owner-freebsd-questions@freebsd.org
>> [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Sergei Gnezdov
>> Sent: Tuesday, April 12, 2005 11:08 PM
>> To: freebsd-questions@freebsd.org
>> Subject: How to interpret ipfw log?
>>
>> The following firewall log seems to make very little sense to me.
>> What could it possibly mean?
>>
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:65117 65.87.165.45:5800 out via tx0
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:49761 65.87.165.45:1003 out via tx0
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:50116 65.87.165.45:1362 out via tx0
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:50055 65.87.165.45:6101 out via tx0
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:62352 65.87.165.45:888 out via tx0
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:61272 65.87.165.45:969 out via tx0
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:58267 65.87.165.45:471 out via tx0
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:54164 65.87.165.45:1496 out via tx0
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:61306 65.87.165.45:5716 out via tx0
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:64970 65.87.165.45:281 out via tx0
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:64115 65.87.165.45:106 out via tx0
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:62007 65.87.165.45:284 out via tx0
>
> looks like nmap ;)

I don't remember running nmap. What are the chances that machine is compromised?
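As an added example (not part of this thread and not code from ipfw or FreeBSD), the following Python parses kernel log lines of the format quoted above and, for each source/destination pair, counts how many distinct destination ports were denied inside a sliding time window. Twelve different ports on one remote host within the same second, all from one internal address on an outbound rule, is the fan-out pattern Ed's reply is pointing at, and it is the kind of thing worth alerting on rather than reading by hand. The regular expression, the 60-second window and the 10-port threshold are assumptions of this example; the sample input reuses the lines from the thread plus three constructed lines (two to 203.0.113.10 and one ICMP line) that should not trigger the check.

```python
"""Parse ipfw(8) syslog lines and flag outbound bursts that fan out across
many destination ports on one remote host (added example, not ipfw code)."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed layout of an ipfw log line as relayed by syslog, matching the
# lines quoted in the thread. The port groups are optional so that ICMP
# lines (which carry type.code in the protocol field, no ports) still parse.
IPFW_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) kernel: ipfw: (?P<rule>\d+) (?P<action>\S+) (?P<proto>\S+) "
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))? (?P<dst>[\d.]+)(?::(?P<dport>\d+))? "
    r"(?P<dir>in|out) via (?P<iface>\S+)$"
)

# First twelve lines are from the thread; the last three are constructed.
SAMPLE_LINES = [
    "Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:65117 65.87.165.45:5800 out via tx0",
    "Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:49761 65.87.165.45:1003 out via tx0",
    "Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:50116 65.87.165.45:1362 out via tx0",
    "Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:50055 65.87.165.45:6101 out via tx0",
    "Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:62352 65.87.165.45:888 out via tx0",
    "Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:61272 65.87.165.45:969 out via tx0",
    "Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:58267 65.87.165.45:471 out via tx0",
    "Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:54164 65.87.165.45:1496 out via tx0",
    "Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:61306 65.87.165.45:5716 out via tx0",
    "Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:64970 65.87.165.45:281 out via tx0",
    "Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:64115 65.87.165.45:106 out via tx0",
    "Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:62007 65.87.165.45:284 out via tx0",
    # constructed: ordinary web traffic to a documentation-range address
    "Apr 11 04:30:00 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:51000 203.0.113.10:80 out via tx0",
    "Apr 11 04:30:01 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:51001 203.0.113.10:443 out via tx0",
    # constructed: ICMP echo request, no ports in the line
    "Apr 11 04:30:02 name kernel: ipfw: 100 Deny ICMP:8.0 192.168.0.200 65.87.165.45 out via tx0",
]


def parse_ipfw_line(line):
    """Return a dict of fields for one ipfw log line, or None if it does not match."""
    m = IPFW_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    # syslog timestamps carry no year; strptime fills in 1900, which is fine
    # for ordering events that all belong to the same log file.
    d["time"] = datetime.strptime(d["ts"], "%b %d %H:%M:%S")
    d["rule"] = int(d["rule"])
    d["sport"] = int(d["sport"]) if d["sport"] else None
    d["dport"] = int(d["dport"]) if d["dport"] else None
    return d


def max_port_fanout(events, window_seconds=60):
    """For each (src, dst) pair, the largest number of distinct destination
    ports seen inside any window of window_seconds. ICMP events are skipped."""
    by_pair = defaultdict(list)
    for e in events:
        if e["dport"] is not None:
            by_pair[(e["src"], e["dst"])].append((e["time"], e["dport"]))
    result = {}
    for pair, hits in by_pair.items():
        hits.sort()
        window = deque()
        best = 0
        for t, port in hits:
            window.append((t, port))
            # drop events that fell out of the trailing window
            while (t - window[0][0]).total_seconds() > window_seconds:
                window.popleft()
            best = max(best, len({p for _, p in window}))
        result[pair] = best
    return result


def flag_scanlike(lines, min_ports=10, window_seconds=60):
    """Sorted (src, dst) pairs whose port fan-out reaches min_ports in a window."""
    events = [e for e in map(parse_ipfw_line, lines) if e]
    fan = max_port_fanout(events, window_seconds)
    return sorted(pair for pair, n in fan.items() if n >= min_ports)


if __name__ == "__main__":
    for src, dst in flag_scanlike(SAMPLE_LINES):
        print(f"port fan-out from {src} to {dst}: review this host")
```

To run it over a real file, replace `SAMPLE_LINES` with the lines of the file your syslog.conf sends the `security` facility to (on FreeBSD that is typically /var/log/security). Note that ipfw rate-limits its own logging (the `net.inet.ip.fw.verbose_limit` sysctl), so a count taken from the log is a lower bound on what the rule actually matched.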