Date: Tue, 3 Aug 1999 20:25:12 -0300 (ADT)
From: Michael Richards <026809r@dragon.acadiau.ca>
To: Darren Reed
Cc: security@FreeBSD.ORG
Subject: Re: Odd ICMP packets being logged
In-Reply-To: <199908032242.IAA27809@cheops.anu.edu.au>

On Wed, 4 Aug 1999, Darren Reed wrote:

> > I'm seeing some odd packets being logged via my ipf. I've looked around
> > but not really found any good resources on ipfilter/ipnat. I can't find
> > this documented:
> > 03/08/1999 17:03:03.370491 vx0 @0:5 b ###.###.###.### -> 10.23.3.2 PR icmp
> > len 20 43 icmp 8/0
>
> Date Time interface group:rule block sourceIP -> destip PR protocol len
> ip-header-length ip-length icmp type/code
>
> It's actually coming from rule #5. Type 8 is ECHO so it's a ping packet.

Hrm. That's kinda odd... Rule #5 is:

block return-rst in log quick on vx0 proto tcp from any to any port = 25

Can't see why that would be logging an ICMP...

-Michael
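Added example, not part of the original message: a small Python parser for the log line quoted above, following the field layout given in the quoted reply, with a check for the mismatch discussed (a rule written for tcp against a logged icmp packet). The function names are hypothetical, the source address is a constructed stand-in for the masked one, and only the ICMP-shaped line from this thread is handled.

```python
import re

# Field layout from the quoted reply:
# date time interface @group:rule action src -> dst PR proto
# len ip-header-length ip-length icmp type/code
LINE_RE = re.compile(
    r"(?P<date>\S+) (?P<time>\S+) (?P<iface>\S+) "
    r"@(?P<group>\d+):(?P<rule>\d+) (?P<action>\S+) "
    r"(?P<src>\S+) -> (?P<dst>\S+) PR (?P<proto>\S+) "
    r"len (?P<hdr_len>\d+) (?P<ip_len>\d+)"
    r"(?: icmp (?P<icmp_type>\d+)/(?P<icmp_code>\d+))?"
)

# A few well-known ICMP types; type 8 is the echo request named in the thread.
ICMP_TYPES = {0: "echo reply", 3: "destination unreachable",
              8: "echo request", 11: "time exceeded"}

# Constructed sample: the line from the message, wrapped as it was in the mail,
# with the masked source replaced by a documentation-range address.
SAMPLE = """03/08/1999 17:03:03.370491 vx0 @0:5 b 192.0.2.10 -> 10.23.3.2 PR icmp
len 20 43 icmp 8/0"""


def parse_ipmon_line(line):
    """Return a dict of fields, or None if the line does not fit the layout."""
    line = " ".join(line.split())  # undo mail wrapping and repeated spaces
    m = LINE_RE.fullmatch(line)
    if m is None:
        return None
    entry = m.groupdict()
    for key in ("group", "rule", "hdr_len", "ip_len", "icmp_type", "icmp_code"):
        if entry[key] is not None:
            entry[key] = int(entry[key])
    entry["blocked"] = entry["action"] == "b"  # "b" is the block marker above
    entry["icmp_name"] = ICMP_TYPES.get(entry["icmp_type"])
    return entry


def proto_mismatch(entry, rule_proto):
    """True when the logged protocol differs from the protocol the rule names."""
    return entry["proto"].lower() != rule_proto.lower()


if __name__ == "__main__":
    e = parse_ipmon_line(SAMPLE)
    print(e["group"], e["rule"], e["proto"], e["icmp_name"])
    print("mismatch with a 'proto tcp' rule:", proto_mismatch(e, "tcp"))
```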