From owner-freebsd-questions Sun Oct 3 17:13:32 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from freebie.lemis.com (freebie.lemis.com [192.109.197.137])
    by hub.freebsd.org (Postfix) with ESMTP id 337AB14FF1
    for ; Sun, 3 Oct 1999 17:13:25 -0700 (PDT)
    (envelope-from grog@freebie.lemis.com)
Received: (from grog@localhost)
    by freebie.lemis.com (8.9.3/8.9.0) id JAA49951
    for questions@FreeBSD.org; Mon, 4 Oct 1999 09:43:23 +0930 (CST)
Received: from chmls05.mediaone.net (ne.mediaone.net [24.128.1.70])
    by freebie.lemis.com (8.9.3/8.9.0) with ESMTP id WAA47510
    for ; Sun, 3 Oct 1999 22:17:44 +0930 (CST)
Received: from ne.mediaone.net (sderdau.ne.mediaone.net [24.218.2.59])
    by chmls05.mediaone.net (8.8.7/8.8.7) with ESMTP id IAA09064
    for ; Sun, 3 Oct 1999 08:47:41 -0400 (EDT)
Message-ID: <37F75086.E83055B5@ne.mediaone.net>
Date: Sun, 03 Oct 1999 08:48:06 -0400
From: "Stephen A. Derdau"
X-Mailer: Mozilla 4.6 [en] (X11; I; Linux 2.2.5-15 i586)
X-Accept-Language: en
MIME-Version: 1.0
To: Greg Lehey
Subject: Re: Is someone trying to hack my system ?
References: <37F674E0.619A860F@ne.mediaone.net> <19991003121827.M40186@freebie.lemis.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Sorry you asked how far away web-associates-187-155.digisle.net is :

traceroute to 167.216.187.155 (167.216.187.155), 30 hops max, 40 byte packets
 1  mnrtr01-mnswt01-vlan13 (24.218.2.1)  2.429 ms  2.157 ms  3.976 ms
 2  drrsm01-mnrtr01 (24.128.0.137)  3.006 ms  3.168 ms  3.263 ms
 3  lrrtr01-drrsm01 (24.128.0.133)  3.248 ms  3.672 ms  3.652 ms
 4  lrgsr01-lrrtr01 (24.128.190.81)  4.154 ms  3.338 ms  4.546 ms
 5  lwgsr01-lrgsr01 (24.128.190.57)  3.542 ms  3.984 ms  3.742 ms
 6  lwrtr01-lwgsr01 (24.128.190.42)  4.150 ms  4.461 ms  4.557 ms
 7  166.48.197.249 (166.48.197.249)  7.406 ms  7.685 ms  8.625 ms
 8  corerouter1.WestOrange.cw.net (204.70.9.138)  12.613 ms  11.550 ms  13.233 ms
 9  bordercore3.WestOrange.cw.net (166.48.8.1)  11.755 ms  11.140 ms  12.436 ms
10  166.48.9.246 (166.48.9.246)  13.885 ms  13.416 ms  13.191 ms
11  atm0-1-0-402-rt75sc03-sc.digisle.net (167.216.162.102)  87.823 ms  87.329 ms  86.734 ms
12  atm0-1-0-402-rt75sc03-sc.digisle.net (167.216.162.102)  86.785 ms  86.935 ms  86.918 ms
13  atm0-1-0-402-rt75sc03-sc.digisle.net (167.216.162.102)  87.028 ms !X  *  87.605 ms !X
$

Greg Lehey wrote:

> [Format recovered--see http://www.lemis.com/email/email-format.html]
>
> On Saturday, 2 October 1999 at 17:10:56 -0400, Stephen Derdau wrote:
> > Subject: Is someone trying break in ?
> >
> >> Date: Sat, 02 Oct 1999 17:08:57 -0400
> >> From: Stephen Derdau
> >> To: freebsd-questions@ne.mediaone.net
> >>
> >> I've kinda been working on my security on my systems. IPFW !
> >> Now I'm seeing stuff like this:
> >>
> >> ipfw 65534 Deny UDP 167.216.187.155:1089 24.218.2.59:1025 in via ed0
> >> ipfw 65534 Deny UDP 24.218.3.41:520 24.218.3.255:520 in via ed0
> >> ipfw: 65534 Deny UDP 167.216.187.155:1089 24.218.2.59:1025 in via ed0
> >> ipfw: 65534 Deny UDP 24.218.2.178:1455 255.255.255.255:8780 in via ed0
> >> ipfw: 65534 Deny UDP 24.218.2.178:1460 255.255.255.255:28001 in via ed0
> >> ipfw: 65534 Deny UDP 24.218.2.49:27901 255.255.255.255:27910 in via ed0
> >> 65534 Deny UDP 24.218.2.127:8093 255.255.255.255:8349 in via ed0
> >>
> >> I'm seeing a lot of this every few seconds and I'm wondering if this
> >> means someone is hacking my system or has or is trying.
>
> Since your own machine is 24.218.2.59, it would be reasonable to
> assume that most of these addresses are on your local net.
> 167.216.187.155 is web-associates-187-155.digisle.net. Do you
> recognize them? How far away are they? These things could be as
> simple as some kind of broadcast packet.
>
> The rest of your message appears to be a repetition.
>
> Greg
> --
> When replying to this message, please copy the original recipients.
> For more information, see http://www.lemis.com/questions.html
> See complete headers for address, home page and phone numbers
> finger grog@lemis.com for PGP public key
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
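
Added example, not part of the original messages: a small triage script that sorts the quoted ipfw deny lines the way Greg's reply reasons about them, separating neighbours' broadcast chatter from remote hosts that addressed this machine directly. The /23 netmask is an assumption inferred from the 24.218.3.255 destination in the log; the function and constant names are made up for this example.

```python
import ipaddress
import re
from collections import Counter

# Assumption, not stated in the thread: the local segment is 24.218.2.0/23,
# inferred from the 24.218.3.255 broadcast destination seen in the log.
LOCAL_NET = ipaddress.ip_network("24.218.2.0/23")
MY_HOST = ipaddress.ip_address("24.218.2.59")  # from Greg's reply
LIMITED_BCAST = ipaddress.ip_address("255.255.255.255")

# The seven log lines quoted in the thread, prefixes left as posted.
SAMPLE_LOG = """\
ipfw 65534 Deny UDP 167.216.187.155:1089 24.218.2.59:1025 in via ed0
ipfw 65534 Deny UDP 24.218.3.41:520 24.218.3.255:520 in via ed0
ipfw: 65534 Deny UDP 167.216.187.155:1089 24.218.2.59:1025 in via ed0
ipfw: 65534 Deny UDP 24.218.2.178:1455 255.255.255.255:8780 in via ed0
ipfw: 65534 Deny UDP 24.218.2.178:1460 255.255.255.255:28001 in via ed0
ipfw: 65534 Deny UDP 24.218.2.49:27901 255.255.255.255:27910 in via ed0
65534 Deny UDP 24.218.2.127:8093 255.255.255.255:8349 in via ed0
"""

# rule, action, proto, src:sport, dst:dport, direction, interface
LINE_RE = re.compile(
    r"\d+\s+\w+\s+\w+\s+(?P<src>[\d.]+):\d+\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?:in|out)\s+via\s+\S+"
)

def classify(line):
    """Return (category, source address, destination port), or None."""
    m = LINE_RE.search(line)  # search() tolerates "ipfw:" and "> >>" prefixes
    if m is None:
        return None
    src = ipaddress.ip_address(m["src"])
    dst = ipaddress.ip_address(m["dst"])
    origin = "local" if src in LOCAL_NET else "remote"
    if dst in (LIMITED_BCAST, LOCAL_NET.broadcast_address):
        target = "broadcast"
    elif dst == MY_HOST:
        target = "unicast"
    else:
        target = "other"
    return f"{origin}-{target}", str(src), int(m["dport"])

def triage(log_text):
    """Count categories; collect remote senders that addressed this host."""
    hits = [h for h in map(classify, log_text.splitlines()) if h]
    counts = Counter(kind for kind, _, _ in hits)
    review = {(s, p) for kind, s, p in hits if kind == "remote-unicast"}
    return counts, review
```

Calling `triage(SAMPLE_LOG)` leaves one entry in the review set, the digisle.net address sending to port 1025; everything else in the sample is local-segment broadcast traffic.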