From owner-freebsd-questions Sun Dec 16 16:13:48 2001 Delivered-To: freebsd-questions@freebsd.org Received: from mail.world-online.no (fe060.world-online.no [213.142.64.156]) by hub.freebsd.org (Postfix) with SMTP id 16E2F37B41D for ; Sun, 16 Dec 2001 16:13:42 -0800 (PST) Received: (qmail 15512 invoked by uid 0); 17 Dec 2001 00:13:40 -0000 Received: from 100.ppp1-9.oeke.tiscali.no (HELO maxi) (213.142.82.100) by mail010.world-online.no with SMTP; 17 Dec 2001 00:13:40 -0000 From: "Frederico Costa" To: "'Oliver, Michael W.'" , Subject: RE: Question about IPFW and ICMP:8.0 Date: Mon, 17 Dec 2001 01:11:40 +0100 Message-ID: <000001c1868f$6c05a880$0301a8c0@maxi> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.3416 Importance: Normal In-Reply-To: <1DA741CA6767A144BAA4F10012536C27A931@LKLDDC01.GARGANTUAN.COM> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Ok, thanks for the prmpt reply. Ok, i found another one ICMP:11.0. But are these echo request normal? And why are they always for the same server ? Thanks Frederico > -----Original Message----- > From: Oliver, Michael W. [mailto:oliver.michael@gargantuan.com] > Sent: 17 December 2001 01:10 > To: 'Frederico Costa'; freebsd-questions@FreeBSD.ORG > Subject: RE: Question about IPFW and ICMP:8.0 > > > See RFC 792.... > > ICMP 8.0 is an ECHO request, initiated from the source > address in your log file. > > =========== > Michael Oliver > > -----Original Message----- > From: Frederico Costa [mailto:frederico.costa@tiscali.no] > Sent: Sunday, December 16, 2001 7:04 PM > To: freebsd-questions@FreeBSD.ORG > Subject: Question about IPFW and ICMP:8.0 > > > Hi all ... > > I have been using FreeBSD for almost 5 years, and lately > because of the several attempts to penetrate my system, I > have set up ipfw to restrict access from the outside to my network. > > Everything is working quiet well, but I am getting the > following log from ipfw several times: > > server /kernel: ipfw: 65435 Deny ICMP:8.0 213.142.81.223 > 64.4.13.33 out via tun0 > > I have been able to understand most of the logs, but this one > I just understand that ICMP is trying to send something out > to server 64.4.13.33. but it is saying ICMP:8.0 What that means ? > > And why should my server initiate connection without my knowledge ? > > Thanks in advance for any information... > > Frederico > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message