Date: Thu, 9 Jun 2005 23:42:29 -0300 (EST)
From: Marcelo Souza <mpsouza@centroin.com.br>
To: Karan Gupta <kgupta@edgefocus.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: help! Strange traffic
Message-ID: <Pine.BSI.4.33.0506092338040.2859-100000@hypselo.centroin.com.br>
In-Reply-To: <42A8F897.6060305@edgefocus.com>

Hi,

It seems that it's only SYN packets. Maybe someone is trying to use your machine as a gateway, or it is only a misconfiguration.

Review your policies to allow ONLY your internal network to use this machine as a gateway, and deny anything else.

- Marcelo Souza

On Thu, 9 Jun 2005, Karan Gupta wrote:

|Hi
| I'm running a fBSD T1 router (a gateway with a sangoma 514 csu/dsu card)
|that performs dhcp, nat, ipfw firewall.
|FreeBSD rtr-eee.eeee.com 4.8-RELEASE FreeBSD 4.8-RELEASE #4: Thu Jul 31
|04:47:04 PDT 2003 root@:/usr/src/sys/compile/GENERIC i386
|
|I'm seeing the following traffic on doing tcpdump on the external interface
|01:12:15.875308 201.93.36.43.1913 > web.visp.ashosting.nl.http: S
|1396310016:1396310016(0) win 16384
|01:12:15.876288 201.93.36.41.1587 > web.visp.ashosting.nl.http: S
|802357248:802357248(0) win 16384
|01:12:15.885340 201.93.37.127.cuillamartin > web.visp.ashosting.nl.http:
|S 1656750080:1656750080(0) win 16384
|01:12:15.886056 201.93.36.250.1194 > web.visp.ashosting.nl.http: S
|1188954112:1188954112(0) win 16384
|01:12:15.886794 201.93.36.118.1613 > web.visp.ashosting.nl.http: S
|474546176:474546176(0) win 16384
|01:12:15.887628 201.93.36.120.1135 > web.visp.ashosting.nl.http: S
|224526336:224526336(0) win 16384
|01:12:15.895344 201.93.37.129.1073 > web.visp.ashosting.nl.http: S
|5767168:5767168(0) win 16384
|01:12:15.896286 201.93.37.131.timbuktu-srv3 >
|web.visp.ashosting.nl.http: S 2056323072:2056323072(0) win 16384
|01:12:15.905302 201.93.37.225.1341 > web.visp.ashosting.nl.http: S
|2125070336:2125070336(0) win 16384
|01:12:15.906042 201.93.37.223.docstor > web.visp.ashosting.nl.http: S
|1558642688:1558642688(0) win 16384
|01:12:15.915253 201.93.38.91.1842 > web.visp.ashosting.nl.http: S
|1312751616:1312751616(0) win 16384
|01:12:15.916105 201.93.38.89.1326 > web.visp.ashosting.nl.http: S
|1620377600:1620377600(0) win 16384
|
|The 201.x.x.x is NOT from my local network. That would mean that
|web.visp.ashosting.nl is being hosted on my network(weird!!)) ???? This
|name doesn't resolve to any IP address either. How do I block this. I
|tried blocking 201.93.0.0/16 but then the traffic started coming from
|195.x.x.x
|
|Help!!!!!!
|
|
|_______________________________________________
|freebsd-questions@freebsd.org mailing list
|http://lists.freebsd.org/mailman/listinfo/freebsd-questions
|To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
|

 - Marcelo
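
Added example, not part of the original messages: a small Python script that parses tcpdump lines in the format quoted above and counts bare SYNs whose source lies outside the internal network, grouped by source /16 and by target. The internal range 192.168.0.0/16 and the sample capture are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the LAN behind the router is 192.168.0.0/16 (the post does not say).
INTERNAL_NET = ipaddress.ip_network("192.168.0.0/16")

# Old-style tcpdump TCP line: time src.port > dst.port: flags ...
# Ports may be printed as service names ("http", "docstor"), hosts as names.
LINE_RE = re.compile(
    r"^(?P<time>\S+) (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\S+) > "
    r"(?P<dst>\S+)\.(?P<dport>[^.\s:]+): (?P<flags>[SFPRWE.]+) "
)

# Constructed sample capture (documentation addresses, not the poster's data).
SAMPLE = """\
01:12:15.875308 203.0.113.43.1913 > web.example.net.http: S 1396310016:1396310016(0) win 16384
01:12:15.876288 203.0.113.41.docstor > web.example.net.http: S 802357248:802357248(0) win 16384
01:12:15.885340 198.51.100.127.1587 > web.example.net.http: S 1656750080:1656750080(0) win 16384
01:12:15.886056 192.168.1.20.1194 > www.example.org.http: S 1188954112:1188954112(0) win 16384
01:12:15.886794 192.168.1.20.1194 > www.example.org.http: . ack 1 win 17520
"""

def summarize(capture, internal=INTERNAL_NET):
    """Count bare SYNs from outside `internal`, by source /16 and by target."""
    by_block, targets, unparsed = Counter(), Counter(), 0
    for line in capture.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            unparsed += 1  # not a TCP line in the expected format
            continue
        src = ipaddress.ip_address(m["src"])
        # Old tcpdump prints a SYN-ACK as "S ... ack N", so exclude those.
        bare_syn = m["flags"] == "S" and " ack " not in line
        if bare_syn and src not in internal:
            block = ipaddress.ip_network(f"{src}/16", strict=False)
            by_block[str(block)] += 1
            targets[(m["dst"], m["dport"])] += 1
    return by_block, targets, unparsed

if __name__ == "__main__":
    blocks, targets, unparsed = summarize(SAMPLE)
    for block, n in blocks.most_common():
        print(f"{n:4d} bare SYNs from {block}")
    for (host, port), n in targets.most_common():
        print(f"{n:4d} bare SYNs to   {host}:{port}")
    print(f"{unparsed} unparsed lines")
```

Capturing with `tcpdump -n` keeps addresses and ports numeric, which makes the destination comparable against the internal range as well.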