Date: Wed, 7 Feb 2001 11:38:15 -0800 From: "Casey Dinsmore" <cdinsmore@vatyx.com> To: <freebsd-security@freebsd.org> Subject: Interesting ipfw response Message-ID: <002301c0913d$8555d000$1717a8c0@netadmin>
next in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] I've had a couple interesting entries in my log lately and wonder if someone could shed some light on these. How is it that they are being rejected with rule number -1? If I am having a problem with a ipfw ruleset could someone offer recommendations to fix and prevent this? Feb 4 14:25:22 axisintegrated /kernel: ipfw: -1 Refuse UDP 64.80.89.149:27015 1.1.1.1:1261 in via de0 Feb 4 14:25:22 axisintegrated /kernel: ipfw: -1 Refuse UDP 64.80.89.149:27015 1.1.1.1:1261 in via de0 Feb 6 09:24:31 axisintegrated /kernel: ipfw: -1 Refuse TCP 207.189.165.105:12336 1.1.1.1:22866 in via de0 Feb 6 09:24:31 axisintegrated /kernel: ipfw: -1 Refuse TCP 207.189.165.105:0 1.1.1.1:0 in via de0 Feb 6 09:24:38 axisintegrated /kernel: ipfw: -1 Refuse TCP 207.189.165.105:12336 1.1.1.1:22871 in via de0 Feb 6 09:24:42 axisintegrated /kernel: ipfw: -1 Refuse TCP 207.189.165.105:12336 1.1.1.1:23089 in via de0 Feb 6 09:24:42 axisintegrated /kernel: ipfw: -1 Refuse TCP 207.189.165.105:0 1.1.1.1:0 in via de0 Feb 6 17:04:44 axisintegrated /kernel: ipfw: -1 Refuse TCP 207.189.165.30:65533 1.1.1.1:256 in via de0 Feb 6 17:04:44 axisintegrated /kernel: ipfw: -1 Refuse TCP 207.189.165.30:65533 1.1.1.1:1023 in via de0 Feb 6 17:04:44 axisintegrated /kernel: ipfw: -1 Refuse TCP 207.189.165.30:0 1.1.1.1:0 in via de0 My ip was changed to 1.1.1.1 obviously and the scanner IP address was not changed to protect the guilty. Thanks Casey Dinsmore [-- Attachment #2 --] <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META http-equiv=Content-Type content="text/html; charset=iso-8859-1"> <META content="MSHTML 5.50.4522.1800" name=GENERATOR> <STYLE></STYLE> </HEAD> <BODY bgColor=#ffffff> <DIV><FONT face=Arial size=2>I've had a couple interesting entries in my log lately and wonder if someone could shed some light on these. How is it that they are being rejected with rule number -1? If I am having a problem with a ipfw ruleset could someone offer recommendations to fix and prevent this? </FONT></DIV> <DIV><FONT face=Arial size=2></FONT> </DIV> <DIV><FONT face=Arial size=2></FONT><FONT face=Arial size=2></FONT> </DIV> <DIV><FONT face=Arial size=2>Feb 4 14:25:22 axisintegrated /kernel: ipfw: -1 Refuse UDP 64.80.89.149:27015 1.1.1.1:1261 in via de0<BR>Feb 4 14:25:22 axisintegrated /kernel: ipfw: -1 Refuse UDP 64.80.89.149:27015 1.1.1.1:1261 in via de0<BR>Feb 6 09:24:31 axisintegrated /kernel: ipfw: -1 Refuse TCP 207.189.165.105:12336 1.1.1.1:22866 in via de0<BR>Feb 6 09:24:31 axisintegrated /kernel: ipfw: -1 Refuse TCP 207.189.165.105:0 1.1.1.1:0 in via de0<BR>Feb 6 09:24:38 axisintegrated /kernel: ipfw: -1 Refuse TCP 207.189.165.105:12336 1.1.1.1:22871 in via de0<BR>Feb 6 09:24:42 axisintegrated /kernel: ipfw: -1 Refuse TCP 207.189.165.105:12336 1.1.1.1:23089 in via de0<BR>Feb 6 09:24:42 axisintegrated /kernel: ipfw: -1 Refuse TCP 207.189.165.105:0 1.1.1.1:0 in via de0<BR>Feb 6 17:04:44 axisintegrated /kernel: ipfw: -1 Refuse TCP 207.189.165.30:65533 1.1.1.1:256 in via de0<BR>Feb 6 17:04:44 axisintegrated /kernel: ipfw: -1 Refuse TCP 207.189.165.30:65533 1.1.1.1:1023 in via de0<BR>Feb 6 17:04:44 axisintegrated /kernel: ipfw: -1 Refuse TCP 207.189.165.30:0 1.1.1.1:0 in via de0</FONT></DIV> <DIV><FONT face=Arial size=2></FONT> </DIV> <DIV><FONT face=Arial size=2></FONT> </DIV> <DIV><FONT face=Arial size=2>My ip was changed to 1.1.1.1 obviously and the scanner IP address was not changed to protect the guilty.</FONT></DIV> <DIV><FONT face=Arial size=2></FONT> </DIV> <DIV><FONT face=Arial size=2></FONT> </DIV> <DIV><FONT face=Arial size=2>Thanks</FONT></DIV> <DIV><FONT face=Arial size=2>Casey Dinsmore</FONT></DIV></BODY></HTML>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?002301c0913d$8555d000$1717a8c0>