From owner-freebsd-questions Sat Oct 2 19:48:46 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from freebie.lemis.com (freebie.lemis.com [192.109.197.137])
    by hub.freebsd.org (Postfix) with ESMTP id 5A74414C1D
    for ; Sat, 2 Oct 1999 19:48:36 -0700 (PDT)
    (envelope-from grog@freebie.lemis.com)
Received: (from grog@localhost)
    by freebie.lemis.com (8.9.3/8.9.0) id MAA45209;
    Sun, 3 Oct 1999 12:18:27 +0930 (CST)
Date: Sun, 3 Oct 1999 12:18:27 +0930
From: Greg Lehey
To: Stephen Derdau
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Is someone trying to hack my system ?
Message-ID: <19991003121827.M40186@freebie.lemis.com>
References: <37F674E0.619A860F@ne.mediaone.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.4i
In-Reply-To: <37F674E0.619A860F@ne.mediaone.net>; from Stephen Derdau on Sat, Oct 02, 1999 at 05:10:56PM -0400
WWW-Home-Page: http://www.lemis.com/~grog
X-PGP-Fingerprint: 6B 7B C3 8C 61 CD 54 AF 13 24 52 F8 6D A4 95 EF
Organization: LEMIS, PO Box 460, Echunga SA 5153, Australia
Phone: +61-8-8388-8286
Fax: +61-8-8388-8725
Mobile: +61-41-739-7062
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

[Format recovered--see http://www.lemis.com/email/email-format.html]

On Saturday, 2 October 1999 at 17:10:56 -0400, Stephen Derdau wrote:
> Subject: Is someone trying break in ?
>
>> Date: Sat, 02 Oct 1999 17:08:57 -0400
>> From: Stephen Derdau
>> To: freebsd-questions@ne.mediaone.net
>>
>> I've kinda been working on my security on my systems. IPFW !
>> Now I'm seeing stuff like this:
>>
>> ipfw 65534 Deny UDP 167.216.187.155:1089 24.218.2.59:1025 in via ed0
>> ipfw 65534 Deny UDP 24.218.3.41:520 24.218.3.255:520 in via ed0
>> ipfw: 65534 Deny UDP 167.216.187.155:1089 24.218.2.59:1025 in via ed0
>> ipfw: 65534 Deny UDP 24.218.2.178:1455 255.255.255.255:8780 in via ed0
>> ipfw: 65534 Deny UDP 24.218.2.178:1460 255.255.255.255:28001 in via ed0
>> ipfw: 65534 Deny UDP 24.218.2.49:27901 255.255.255.255:27910 in via ed0
>> 65534 Deny UDP 24.218.2.127:8093 255.255.255.255:8349 in via ed0
>>
>> I'm seeing a lot of this every few seconds and I'm wondering if this
>> means someone is hacking my system or has or is trying.

Since your own machine is 24.218.2.59, it would be reasonable to
assume that most of these addresses are on your local net.
167.216.187.155 is web-associates-187-155.digisle.net. Do you
recognize them? How far away are they?

These things could be as simple as some kind of broadcast packet.

The rest of your message appears to be a repetition.

Greg
--
When replying to this message, please copy the original recipients.
For more information, see http://www.lemis.com/questions.html
See complete headers for address, home page and phone numbers
finger grog@lemis.com for PGP public key