From owner-freebsd-security Fri Jun 29 7:59:47 2001 Delivered-To: freebsd-security@freebsd.org Received: from ringworld.nanolink.com (ringworld.nanolink.com [195.24.48.13]) by hub.freebsd.org (Postfix) with SMTP id 539A837B401 for ; Fri, 29 Jun 2001 07:59:32 -0700 (PDT) (envelope-from roam@orbitel.bg) Received: (qmail 1108 invoked by uid 1000); 29 Jun 2001 15:04:02 -0000 Date: Fri, 29 Jun 2001 18:04:02 +0300 From: Peter Pentchev To: George.Giles@mcmail.vanderbilt.edu Cc: freebsd-security@freebsd.org Subject: Re: What is ipfw telling me ? Message-ID: <20010629180402.B535@ringworld.oblivion.bg> Mail-Followup-To: George.Giles@mcmail.vanderbilt.edu, freebsd-security@freebsd.org References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from George.Giles@mcmail.vanderbilt.edu on Fri, Jun 29, 2001 at 09:49:54AM -0500 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, Jun 29, 2001 at 09:49:54AM -0500, George.Giles@mcmail.vanderbilt.edu wrote: > What is ipfw telling me ? > > The 216 host is attempting to break in, but how is it using port 80 on the > other machine ? > > ipfw: 2400 Deny TCP 216.239.46.20:21602 10.0.0.1:80 in via xl0 The host 216.239.46.20 is trying to connect to 10.0.0.1; the connection attempt is from port 21602 (ephemeral, unique to this connection in a certain timeframe) to port 80 on 10.0.0.1. That is, someone from 216.239.46.20 is trying to browse the web on 10.0.0.1. G'luck, Peter -- This sentence claims to be an Epimenides paradox, but it is lying. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message