Date: Fri, 29 Jun 2001 10:33:34 -0500 From: "Thomas T. Veldhouse" <veldy@veldy.net> To: <George.Giles@mcmail.vanderbilt.edu>, <freebsd-security@freebsd.org> Subject: Re: What is ipfw telling me ? Message-ID: <007801c100b0$e7527730$3028680a@tgt.com> References: <OFB8BDE232.323E44F5-ON86256A7A.005144B2@MC.VANDERBILT.EDU>
next in thread | previous in thread | raw e-mail | index | archive | help
You may want to limit such abuse via firewall rules.
# Stop RFC1918 nets on the outside interface
${fwcmd} add deny log all from any to 10.0.0.0/8 via ${oif}
${fwcmd} add deny log all from any to 172.16.0.0/12 via ${oif}
${fwcmd} add deny log all from any to 192.168.0.0/16 via ${oif}
# Stop draft-manning-dsua-03.txt (1 May 2000) nets (includes RESERVED-1,
# DHCP auto-configuration, NET-TEST, MULTICAST (class D), and class E)
# on the outside interface
${fwcmd} add deny log all from any to 0.0.0.0/8 via ${oif}
${fwcmd} add deny log all from any to 169.254.0.0/16 via ${oif}
${fwcmd} add deny log all from any to 192.0.2.0/24 via ${oif}
${fwcmd} add deny log all from any to 224.0.0.0/4 via ${oif}
${fwcmd} add deny log all from any to 240.0.0.0/4 via ${oif}
Tom Veldhouse
veldy@veldy.net
----- Original Message -----
From: <George.Giles@mcmail.vanderbilt.edu>
To: <freebsd-security@freebsd.org>
Sent: Friday, June 29, 2001 9:49 AM
Subject: What is ipfw telling me ?
> What is ipfw telling me ?
>
> The 216 host is attempting to break in, but how is it using port 80 on the
> other machine ?
>
> ipfw: 2400 Deny TCP 216.239.46.20:21602 10.0.0.1:80 in via xl0
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?007801c100b0$e7527730$3028680a>