From owner-freebsd-questions Sat Oct 2 14: 7:55 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from chmls06.mediaone.net (chmls06.mediaone.net [24.128.1.71]) by hub.freebsd.org (Postfix) with ESMTP id 71D3914FD3 for ; Sat, 2 Oct 1999 14:07:36 -0700 (PDT) (envelope-from sderdau@ne.mediaone.net)
Received: from ne.mediaone.net (sderdau.ne.mediaone.net [24.218.2.59]) by chmls06.mediaone.net (8.8.7/8.8.7) with ESMTP id RAA07263 for ; Sat, 2 Oct 1999 17:07:35 -0400 (EDT)
Message-ID: <37F674E0.619A860F@ne.mediaone.net>
Date: Sat, 02 Oct 1999 17:10:56 -0400
From: Stephen Derdau
X-Mailer: Mozilla 4.61 [en] (X11; I; FreeBSD 3.2-RELEASE i386)
To: freebsd-questions@freebsd.org
Subject: Is someone trying to hack my system ?
Sender: owner-freebsd-questions@FreeBSD.ORG

Subject: Is someone trying break in ?
> Date: Sat, 02 Oct 1999 17:08:57 -0400
> From: Stephen Derdau
> To: freebsd-questions@ne.mediaone.net
>
> I've kinda been working on my security on my systems. IPFW !
> Now I'm seeing stuff like this:
>
> ipfw 65534 Deny UDP 167.216.187.155:1089 24.218.2.59:1025 in via ed0
> ipfw 65534 Deny UDP 24.218.3.41:520 24.218.3.255:520 in via ed0
> ipfw: 65534 Deny UDP 167.216.187.155:1089 24.218.2.59:1025 in via ed0
> ipfw: 65534 Deny UDP 24.218.2.178:1455 255.255.255.255:8780 in via ed0
> ipfw: 65534 Deny UDP 24.218.2.178:1460 255.255.255.255:28001 in via ed0
>
> ipfw: 65534 Deny UDP 24.218.2.49:27901 255.255.255.255:27910 in via ed0
> 65534 Deny UDP 24.218.2.127:8093 255.255.255.255:8349 in via ed0
>
> I'm seeing a lot of this every few seconds and I'm wondering if this means
> someone is hacking my system or has or is trying.
>
> Thank You
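
A first triage pass over deny lines like the ones quoted above, as an added example that is not part of the original post: it parses each ipfw log line and separates broadcast traffic from packets addressed to the host itself. It assumes the host address is 24.218.2.59 (taken from the message headers) and treats a destination ending in .255 as a subnet broadcast, since the netmask is not given in the post.

```python
import re
from collections import Counter

# Log lines copied from the post above (some lack the "ipfw:" prefix).
SAMPLE = """\
ipfw 65534 Deny UDP 167.216.187.155:1089 24.218.2.59:1025 in via ed0
ipfw 65534 Deny UDP 24.218.3.41:520 24.218.3.255:520 in via ed0
ipfw: 65534 Deny UDP 167.216.187.155:1089 24.218.2.59:1025 in via ed0
ipfw: 65534 Deny UDP 24.218.2.178:1455 255.255.255.255:8780 in via ed0
ipfw: 65534 Deny UDP 24.218.2.178:1460 255.255.255.255:28001 in via ed0
ipfw: 65534 Deny UDP 24.218.2.49:27901 255.255.255.255:27910 in via ed0
65534 Deny UDP 24.218.2.127:8093 255.255.255.255:8349 in via ed0
"""

LINE = re.compile(
    r"(?P<rule>\d+)\s+(?P<action>[A-Z][a-z]+)\s+(?P<proto>[A-Z]+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<dir>in|out)\s+via\s+(?P<iface>\S+)"
)

def parse(line):
    """Return the fields of one ipfw log line, or None; any prefix before the rule number is ignored."""
    m = LINE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    return rec

def dest_kind(dst, my_ip):
    if dst == "255.255.255.255":
        return "limited-broadcast"
    if dst == my_ip:
        return "unicast-to-host"
    if dst.endswith(".255"):
        return "probable-subnet-broadcast"  # assumption: netmask unknown
    return "other"

def triage(text, my_ip):
    """Count denied packets per destination kind and per (source, port) aimed at my_ip."""
    kinds, unicast = Counter(), Counter()
    for line in text.splitlines():
        rec = parse(line)
        if rec is None or rec["action"] != "Deny":
            continue
        kind = dest_kind(rec["dst"], my_ip)
        kinds[kind] += 1
        if kind == "unicast-to-host":
            unicast[(rec["src"], rec["dport"])] += 1
    return kinds, unicast
```

Calling `triage(SAMPLE, "24.218.2.59")` shows that five of the seven denied packets went to broadcast addresses and only one remote source addressed the host directly, which is the subset worth looking at first.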