Date: Sun, 28 Oct 2001 13:05:40 -0800
From: Peter Haight <peterh@sapros.com>
To: freebsd-security@freebsd.org
Subject: ipfw dynamic entries I don't understand.
Message-ID: <200110282105.f9SL5ex95768@wartch.sapros.com>
Someone was portscanning my machine the other day. I have an ipfw setup with some dynamic rules, and the guy doing the portscanning managed to get some of his connections to start as a dynamic rule. I had thought I had it set up so that only tcp connections originating from the server would start a dynamic rule. I'm using a set of rules which I grew from the 'simple' firewall rules (with NAT). This eventually filled up the dynamic rule table so that I couldn't make any more connections. Is there some way to fix this?

Here's the entry:

    02300 0 0 check-state
    02700 0 0 allow tcp from any to 204.182.55.17 25 keep-state setup

Here are some of the dynamic rules the portscanner caused. None of these are open ports.

    02500 0 0 (T 14051, # 0) ty 0 tcp, 204.182.55.17 56866 <-> 212.72.17.78 125
    02500 0 0 (T 13987, # 0) ty 0 tcp, 204.182.55.17 56866 <-> 212.72.17.78 1405
    02500 0 0 (T 13984, # 0) ty 0 tcp, 204.182.55.17 56865 <-> 212.72.17.78 638
    02500 0 0 (T 13999, # 1) ty 0 tcp, 204.182.55.17 56866 <-> 212.72.17.78 892
    02500 0 0 (T 13989, # 1) ty 0 tcp, 204.182.55.17 56866 <-> 212.72.17.78 124
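As an added example (not from Peter's post and not part of ipfw), a small Python script that parses dynamic-rule lines in the listing format quoted above (the form printed by `ipfw -d show`) and reports the two things a defender wants to know when the state table fills up: which remote host holds the most dynamic entries, and which entries were spawned by a parent rule other than the ones expected to create state. The local address, the threshold and the list of expected parent rules are assumptions, and the sixth sample line is constructed.

```python
import re
from collections import Counter

# One dynamic-rule line as printed by `ipfw -d show` in the post:
#   02500 0 0 (T 14051, # 0) ty 0 tcp, 204.182.55.17 56866 <-> 212.72.17.78 125
DYN_RE = re.compile(
    r"^(?P<rule>\d+)\s+(?P<pkts>\d+)\s+(?P<bytes>\d+)\s+"
    r"\(T\s+(?P<ttl>\d+),\s+#\s+(?P<count>\d+)\)\s+ty\s+(?P<type>\d+)\s+(?P<proto>\w+),\s+"
    r"(?P<src>[\d.]+)\s+(?P<sport>\d+)\s+<->\s+(?P<dst>[\d.]+)\s+(?P<dport>\d+)$"
)

def parse_dynamic(lines):
    """Parse dynamic-rule lines; static rules and other lines are skipped."""
    entries = []
    for line in lines:
        m = DYN_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        for k in ("rule", "pkts", "bytes", "ttl", "count", "type", "sport", "dport"):
            d[k] = int(d[k])
        entries.append(d)
    return entries

def peers_over_threshold(entries, local_ip, threshold):
    """Count dynamic entries per remote host; return hosts holding >= threshold."""
    counts = Counter()
    for e in entries:
        remote = e["dst"] if e["src"] == local_ip else e["src"]
        counts[remote] += 1
    return {host: n for host, n in counts.items() if n >= threshold}

def unexpected_parents(entries, expected_rules):
    """Return entries whose parent (static) rule is not one expected to keep state."""
    expected = set(expected_rules)
    return [e for e in entries if e["rule"] not in expected]

# Constructed sample: the five lines from the post plus one made-up entry for the
# port-25 rule (2700), which is the only rule shown with keep-state.
SAMPLE = """02500 0 0 (T 14051, # 0) ty 0 tcp, 204.182.55.17 56866 <-> 212.72.17.78 125
02500 0 0 (T 13987, # 0) ty 0 tcp, 204.182.55.17 56866 <-> 212.72.17.78 1405
02500 0 0 (T 13984, # 0) ty 0 tcp, 204.182.55.17 56865 <-> 212.72.17.78 638
02500 0 0 (T 13999, # 1) ty 0 tcp, 204.182.55.17 56866 <-> 212.72.17.78 892
02500 0 0 (T 13989, # 1) ty 0 tcp, 204.182.55.17 56866 <-> 212.72.17.78 124
02700 5 1200 (T 300, # 0) ty 0 tcp, 10.0.0.5 40001 <-> 204.182.55.17 25""".splitlines()

if __name__ == "__main__":
    ents = parse_dynamic(SAMPLE)
    print("hosts over threshold:", peers_over_threshold(ents, "204.182.55.17", 3))
    print("entries from unexpected rules:", len(unexpected_parents(ents, [2700])))
```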