From owner-freebsd-security  Tue Mar 27 14:29:57 2001
Delivered-To: freebsd-security@freebsd.org
Received: from dagobert.skystream.nl (smtp.uwnet.nl [195.7.130.55])
	by hub.freebsd.org (Postfix) with ESMTP id 7E1E137B719
	for <freebsd-security@freebsd.org>; Tue, 27 Mar 2001 14:29:47 -0800 (PST)
	(envelope-from abgoeree@uwnet.nl)
Received: from dyn.dailup.c227128034.isd.to (dyn.dailup.c227128034.isd.to [213.227.128.34])
	by dagobert.skystream.nl (8.11.3/8.11.0) with ESMTP id f2RMXuA16822
	for <freebsd-security@freebsd.org>; Wed, 28 Mar 2001 00:33:58 +0200
Received: (qmail 75091 invoked by uid 1000); 27 Mar 2001 22:29:07 -0000
From: "Andre Goeree" <abgoeree@uwnet.nl>
Date: Wed, 28 Mar 2001 00:29:07 +0200
To: freebsd-security@freebsd.org
Subject: funny packets
Message-ID: <20010328002907.A75059@mandark.attica.home>
Reply-To: abgoeree@uwnet.nl
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
X-Sender: abgoeree@uwnet.nl
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hello,

While CVSuppin' ports i caught some strange packets:

Mar 27 23:29:38 mandark /kernel: ipfw: 3900 Deny TCP 195.25.44.186:4828 213.227.128.244:4662 in via tun0
Mar 27 23:29:38 mandark /kernel: ipfw: 3900 Deny TCP 195.25.44.186:4828 213.227.128.244:4662 in via tun0
Mar 27 23:35:38 mandark /kernel: ipfw: 3900 Deny TCP 195.25.44.186:1075 213.227.128.244:4662 in via tun0
Mar 27 23:35:38 mandark /kernel: ipfw: 3900 Deny TCP 195.25.44.186:1075 213.227.128.244:4662 in via tun0

Notice the time between the messages, exactly 6 min.
195.25.44.186 was/is not resolvable.
Any ideas?

--Andre.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message