From owner-freebsd-security Wed Nov 18 15:08:54 1998
From: Archie Cobbs
Message-Id: <199811182307.PAA16728@bubba.whistle.com>
Subject: Re: What can it be?
In-Reply-To: <199811161220.PAA14992@enterprise.synchroline.ru> from "Alexander B. Povolotsky" at "Nov 16, 98 03:20:05 pm"
To: tarkhil@synchroline.ru
Date: Wed, 18 Nov 1998 15:07:14 -0800 (PST)
Cc: security@FreeBSD.ORG

Alexander B. Povolotsky writes:
> My firewall logs lots of messages like these. Don't anyone know what can it
> be? Kind of attack?
>
> Nov 16 15:09:47 satellite /kernel: ipfw: 60000 Deny TCP 207.90.134.191
> 195.16.101.2 in via fxp0 Fragment = 123

Perhaps you've got earlier rules that block port numbers and/or
TCP flags. These rules won't match fragments. Then the fragments
hit the later (logging) rule.. ??

If so you need to allow (non zero offset) fragments.

-Archie

___________________________________________________________________________
Archie Cobbs   *   Whistle Communications, Inc.   *   http://www.whistle.com
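
The fall-through described in the reply above, as an added example that is not part of the original message and is not ipfw code: a small first-match rule evaluator showing why a port-based rule cannot match a non-first fragment, and how an earlier fragment rule changes the outcome. Rule numbers 900, 1000 and 65535, the port, and the packets are constructed; reading the logged "Fragment = 123" as a non-zero fragment offset is an assumption.

```python
# Added illustration: first-match filtering in the style of the thread's
# firewall. Only rule number 60000 comes from the quoted log line.
from dataclasses import dataclass
from typing import Optional

@dataclass
class Packet:
    proto: str
    frag_offset: int          # 0 = first fragment or unfragmented datagram
    dst_port: Optional[int]   # readable only when the TCP header is present

    @classmethod
    def tcp(cls, dst_port, frag_offset=0):
        # The TCP header travels in the first fragment only, so later
        # fragments expose no port to the filter.
        return cls("tcp", frag_offset, dst_port if frag_offset == 0 else None)

@dataclass
class Rule:
    number: int
    action: str
    dst_port: Optional[int] = None   # rule tests a TCP header field
    frag_only: bool = False          # rule matches non-first fragments
    log: bool = False

    def matches(self, pkt):
        if self.frag_only:
            return pkt.frag_offset != 0
        if self.dst_port is not None:
            # A port test cannot succeed without a transport header.
            return pkt.frag_offset == 0 and pkt.dst_port == self.dst_port
        return True

def evaluate(rules, pkt):
    """Return (rule number, action) of the first matching rule."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(pkt):
            return rule.number, rule.action
    return 65535, "deny"   # assumed default-deny at the end of the ruleset

# Ruleset as the reply guesses it: a port rule, then the logging deny.
BEFORE = [Rule(1000, "allow", dst_port=80), Rule(60000, "deny", log=True)]
# Same ruleset with an earlier rule allowing non-zero-offset fragments.
AFTER = BEFORE + [Rule(900, "allow", frag_only=True)]

if __name__ == "__main__":
    for name, rules in (("before", BEFORE), ("after", AFTER)):
        for pkt in (Packet.tcp(80), Packet.tcp(80, frag_offset=123)):
            print(name, "offset", pkt.frag_offset, evaluate(rules, pkt))
```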