From owner-freebsd-security  Fri Jun 29 12:55:28 2001
Delivered-To: freebsd-security@freebsd.org
Received: from d170h113.resnet.uconn.edu (d170h113.resnet.uconn.edu [137.99.170.113])
	by hub.freebsd.org (Postfix) with SMTP id 5B12437B406
	for <freebsd-security@freebsd.org>; Fri, 29 Jun 2001 12:55:25 -0700 (PDT)
	(envelope-from sirmoo@cowbert.2y.net)
Received: (qmail 45163 invoked by uid 1001); 29 Jun 2001 19:58:31 -0000
Message-ID: <20010629195831.45162.qmail@d170h113.resnet.uconn.edu>
References: <OFB8BDE232.323E44F5-ON86256A7A.005144B2@MC.VANDERBILT.EDU>
In-Reply-To: <OFB8BDE232.323E44F5-ON86256A7A.005144B2@MC.VANDERBILT.EDU> 
From: "Peter C. Lai" <sirmoo@cowbert.2y.net>
To: George.Giles@mcmail.vanderbilt.edu
Cc: freebsd-security@freebsd.org
Subject: Re: What is ipfw telling me ?
Date: Fri, 29 Jun 2001 19:58:31 GMT
Mime-Version: 1.0
Content-Type: text/plain; format=flowed; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Machines from the 216.239.46. subnet has been trying to attack my machine
as well, and this is not an isolated incident. Furthermore, i also know that 
i am not on the vanderbilt.edu network. Would looking at mynetwatchman's 
database help me figure out any other trends in attacks coming from 
216.239.46? 

Currently i'm not running any firewall (since i am not running any unsafe 
ports); only log_in_vain is enabled, but I almost want to configure ipf/w 
just so i can block this whole subnet. 

George.Giles@mcmail.vanderbilt.edu writes: 

> What is ipfw telling me ? 
> 
> The 216 host is attempting to break in, but how is it using port 80 on the
> other machine ? 
> 
>  ipfw: 2400 Deny TCP 216.239.46.20:21602 10.0.0.1:80 in via xl0 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
 


 -----------
Peter C. Lai
University of Connecticut
Dept. of Residential Life | Programmer
Dept. of Molecular and Cell Biology |
Undergraduate Research Assistant/Honors Program
http://cowbert.2y.net/ 

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message