Date: Sun, 25 Mar 2001 15:16:42 -0800
From: "Crist J. Clark" <cjclark@reflexnet.net>
To: "Andrew C. Hornback" <hornback@wireco.net>
Cc: Jim Freeze <jim@freeze.org>, FreeBSD Questions <questions@FreeBSD.ORG>
Subject: Re: Meaging of Security Check?
Message-ID: <20010325151642.C5425@rfx-216-196-73-168.users.reflex>
In-Reply-To: <003b01c0b481$8ff5b7c0$0e00000a@tomcat>; from hornback@wireco.net on Sat, Mar 24, 2001 at 11:43:32AM -0500
References: <Pine.BSF.4.32.0103240744350.32267-100000@www.stelesys.com> <003b01c0b481$8ff5b7c0$0e00000a@tomcat>

On Sat, Mar 24, 2001 at 11:43:32AM -0500, Andrew C. Hornback wrote:
> > -----Original Message-----
> > From: owner-freebsd-questions@FreeBSD.ORG
> > [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Jim Freeze
> > Sent: Saturday, March 24, 2001 7:50 AM
> > To: questions@freebsd.org
> > Subject: Meaging of Security Check?
> >
> >
> > Hi:
> >
> > I received the following security check and was wondering what it means:
> >
> > eeyore1 security check output
> >
> > eeyore1 kernel log messages:
> > > x3f8-0x3ff irq 4 flags 0x10 on isa
> > > ipfw: 40 Accept TCP 157.95.47.65:776 24.9.218.175:22 in via vx0
> > > ipfw: 65000 Deny UDP 24.9.218.175:68 24.2.7.70:67 out via vx0
> > > ipfw: 65000 Deny UDP 24.9.218.175:68 24.2.7.70:67 out via vx0
> > > ...where the above is repeated for about 100 lines
> >
> > I looked up port 67 in /etc/services and it says:
> >
> > bootps 67/tcp dhcps #Bootstrap Protocol Server
> > bootps 67/udp dhcps #Bootstrap Protocol Server
> >
> > nslookup says:
> >
> > % nslookup 24.2.7.70
> > Server: proxy1.lxintn1.ky.home.com
> > Address: 24.5.116.15
> >
> > Name: lh1.rdc1.tn.home.com
> > Address: 24.2.7.70
> >
> > Can someone explain what is happening here?
>
> To my (semi)trained eye... you're subject to a new form of a DoS attack.

[snip]

Guys, guys. You're hurting me. It looks like Jim has broken his own
DHCP setup. 24.9.218.175 looks like the address of the machine
generating these logs, correct? It is blocking its own outgoing
packets to lh1.rdc1.tn.home.com which is your DHCP server, right? Your
machine is trying to renew its lease. You probably want to pass that
traffic.
-- 
Crist J. Clark                           cjclark@alum.mit.edu

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
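
The triage described in the reply above can be automated. The following is an added example, not part of the original thread: it parses ipfw log lines in the format quoted in the message and counts outbound DHCP client packets (UDP 68 to 67) that the host's own firewall denied. The sample lines are copied from the quoted log; the function names are hypothetical.

```python
import re
from collections import Counter

# Log lines copied from the security check output quoted in the message.
SAMPLE = """\
x3f8-0x3ff irq 4 flags 0x10 on isa
ipfw: 40 Accept TCP 157.95.47.65:776 24.9.218.175:22 in via vx0
ipfw: 65000 Deny UDP 24.9.218.175:68 24.2.7.70:67 out via vx0
ipfw: 65000 Deny UDP 24.9.218.175:68 24.2.7.70:67 out via vx0
"""

# rule number, action, protocol, src:port, dst:port, direction, interface
LINE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)

def parse(text):
    """Yield one dict per ipfw log line; lines in any other format are skipped."""
    for line in text.splitlines():
        m = LINE.search(line)  # search() tolerates a syslog prefix before "ipfw:"
        if m:
            rec = m.groupdict()
            for key in ("rule", "sport", "dport"):
                rec[key] = int(rec[key])
            yield rec

def blocked_dhcp_client(records):
    """Count denied outbound UDP 68 -> 67 packets, keyed by (rule, src, dst).

    Source port 68 with direction "out" means the logging host is the DHCP
    client, so a hit is the host's own lease traffic being dropped.
    """
    hits = Counter()
    for r in records:
        if (r["action"] == "Deny" and r["proto"] == "UDP" and r["dir"] == "out"
                and r["sport"] == 68 and r["dport"] == 67):
            hits[(r["rule"], r["src"], r["dst"])] += 1
    return hits

if __name__ == "__main__":
    for (rule, src, dst), n in blocked_dhcp_client(parse(SAMPLE)).items():
        print(f"rule {rule} denied {n} DHCP client packet(s) {src} -> {dst}")
```

A hit on the final deny rule, as here with rule 65000, means no earlier rule passes the DHCP client traffic.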