Date: Thu, 10 Jan 2002 22:10:51 -0800 (PST)
From: Tom Kersten <tomkersten98@yahoo.com>
To: freebsd-questions@freebsd.org
Subject: have i been hacked??????
Message-ID: <20020111061051.48666.qmail@web10007.mail.yahoo.com>
[-- Attachment #1 --]

Hello,

When using the console (instead of xfree86's gui), today I started getting the following error to pop up every once in a while:

Jan 10 18:20:41 tucson1 kernel: arplookup 24.1.240.41 failed: host is not on local network

I have no idea what that IP address is, and when I tried to do a "man arplookup" to read into the problem a little, I had zero luck. When looking on Google, all I can come up with for common errors leading to this is that people have made a mistake in setting their netmask for their subnet. In my ipf.rules file (not ipfw), whenever I refer to my personal IP (which is static)...I have xxx.xxx.xxx/32. From my understanding, this should be correct. Also, I do not have a rule relating to this IP address.

I am not sure what is going on. I have attached my ipf.rules file if you are interested; if you need anything else, let me know.

Has my setup been hacked or is this something else I have managed to screw up?

Any tips are appreciated....

TIA,
Thomas Kersten

p.s.-also...any tips on making my rules better for a web/ftp server are welcome also.....:) !!!!!!!!

[-- Attachment #2 --]

#/etc/ipf.rules
#Rules used for security by IPFIREWALL
#
#################################################################
# Outside Interface
#################################################################
#---------------------------------------------------------------
# Prevent spoofing
#--------------------------------------------------------------
block in on rl0
block in quick on rl0 from 192.168.0.0/16 to any
block in quick on rl0 from 172.16.0.0/12 to any
block in quick on rl0 from 10.0.0.0/8 to any
block in quick on rl0 from 127.0.0.0/8 to any
block in quick on rl0 from 0.0.0.0/8 to any
block in quick on rl0 from 169.254.0.0/16 to any
block in quick on rl0 from 204.152.64.0/23 to any
block in quick on rl0 from 224.0.0.0/3 to any
block in log quick on rl0 from my.ip.add.ress/32 to any
block in log quick on rl0 from any my.ip.add.ress/32
#----------------------------------------------------------------
# Allow out all TCP, UDP, and ICMP traffic & keep state on it
# so that it's allowed back in.
#----------------------------------------------------------------
pass in quick on rl0 proto tcp from any to my.ip.add.ress port = 80 flags S keep state
pass in quick on rl0 proto tcp from any to my.ip.add.ress port = 21 flags S keep state
pass out quick on rl0 proto tcp from any to any keep state
pass out quick on rl0 proto udp from any to any keep state
pass out quick on rl0 proto icmp from any to any keep state
block out quick on rl0 all
#----------------------------------------------------------------
# Block and log all remaining traffic coming into the firewall
# - Block TCP with a RST (to make it appear as if the service
#   isn't listening)
# - Block UDP with an ICMP Port Unreachable (to make it appear
#   as if the service isn't listening)
# - Block all remaining traffic the good 'ol fashioned way
#----------------------------------------------------------------
block return-rst in log quick on rl0 proto tcp from any to any
block return-icmp-as-dest(port-unr) in log quick on rl0 proto udp from any to any
block in log quick on rl0 all
#################################################################
# Loopback Interface
#################################################################
#----------------------------------------------------------------
# Allow everything to/from loopback interface (ping, etc)
#----------------------------------------------------------------
pass in quick on lo0 all
pass out quick on lo0 all
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020111061051.48666.qmail>
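
A way to triage the kernel message quoted in the post, as an added example that is not part of the original message: it pulls the target address out of each arplookup failure and checks it against the interface address and netmask as ifconfig reports them, which is a separate setting from the /32 masks in ipf.rules. The interface name rl0 comes from the attached rules; the 24.1.240.200 address and both prefix lengths are constructed, since the post does not give the host's own address.

```python
import ipaddress
import re

# Kernel message format as quoted in the post.
ARPLOOKUP_RE = re.compile(
    r"kernel: arplookup (\S+) failed: host is not on local network")

# The log line from the post.
SAMPLE_LOG = [
    "Jan 10 18:20:41 tucson1 kernel: arplookup 24.1.240.41 failed: "
    "host is not on local network",
]

def failed_arp_targets(log_lines):
    """Distinct IPv4 addresses named in arplookup failures, first-seen order."""
    seen = []
    for line in log_lines:
        m = ARPLOOKUP_RE.search(line)
        if not m:
            continue
        try:
            addr = ipaddress.IPv4Address(m.group(1))
        except ValueError:
            continue  # malformed address field: skip rather than guess
        if addr not in seen:
            seen.append(addr)
    return seen

def on_link_interface(addr, interfaces):
    """Name of the interface whose subnet contains addr, or None if off-link."""
    for name, cidr in interfaces.items():
        if addr in ipaddress.ip_interface(cidr).network:
            return name
    return None

def triage(log_lines, interfaces):
    """Map each failed ARP target to the interface it should be on, if any."""
    return {str(a): on_link_interface(a, interfaces)
            for a in failed_arp_targets(log_lines)}

if __name__ == "__main__":
    # Constructed interface settings (the post does not give the host's
    # address): the same address with a narrower and a wider netmask.
    for cidr in ("24.1.240.200/25", "24.1.240.200/24"):
        print(cidr, triage(SAMPLE_LOG, {"rl0": cidr}))
```

A result of None means no configured subnet covers the address, which matches the condition the kernel message names; an interface name means the address is on-link under that netmask.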
