From: Clement Twine
Organization: The Net Freax BV
Date: Thu, 14 Apr 2005 10:56:10 +0200
To: sergei@gnezdov.net
Cc: freebsd-questions@freebsd.org
Message-ID: <425E302A.6050008@gmail.com>
Subject: Re: How to interpret ipfw log?

[...]

>>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:64970 65.87.165.45:281 out via tx0
>>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:64115 65.87.165.45:106 out via tx0
>>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:62007 65.87.165.45:284 out via tx0
>
>> looks like nmap ;)
>
> I don't remember running nmap. What are the chances that
> machine is compromised?

zero chances - your firewall denied the intruder anyway :-)

clem.