From: "Casey Dinsmore"
Sender: owner-freebsd-security@FreeBSD.ORG
Subject: Interesting ipfw response
Date: Wed, 7 Feb 2001 11:38:15 -0800

I've had a couple interesting entries in my log lately and wonder if someone could shed some light on these. How is it that they are being rejected with rule number -1? If I am having a problem with an ipfw ruleset could someone offer recommendations to fix and prevent this?

Feb 4 14:25:22 axisintegrated /kernel: ipfw: -1 Refuse UDP 64.80.89.149:27015 1.1.1.1:1261 in via de0
Feb 4 14:25:22 axisintegrated /kernel: ipfw: -1 Refuse UDP 64.80.89.149:27015 1.1.1.1:1261 in via de0
Feb 6 09:24:31 axisintegrated /kernel: ipfw: -1 Refuse TCP 207.189.165.105:12336 1.1.1.1:22866 in via de0
Feb 6 09:24:31 axisintegrated /kernel: ipfw: -1 Refuse TCP 207.189.165.105:0 1.1.1.1:0 in via de0
Feb 6 09:24:38 axisintegrated /kernel: ipfw: -1 Refuse TCP 207.189.165.105:12336 1.1.1.1:22871 in via de0
Feb 6 09:24:42 axisintegrated /kernel: ipfw: -1 Refuse TCP 207.189.165.105:12336 1.1.1.1:23089 in via de0
Feb 6 09:24:42 axisintegrated /kernel: ipfw: -1 Refuse TCP 207.189.165.105:0 1.1.1.1:0 in via de0
Feb 6 17:04:44 axisintegrated /kernel: ipfw: -1 Refuse TCP 207.189.165.30:65533 1.1.1.1:256 in via de0
Feb 6 17:04:44 axisintegrated /kernel: ipfw: -1 Refuse TCP 207.189.165.30:65533 1.1.1.1:1023 in via de0
Feb 6 17:04:44 axisintegrated /kernel: ipfw: -1 Refuse TCP 207.189.165.30:0 1.1.1.1:0 in via de0

My IP was changed to 1.1.1.1 obviously and the scanner IP address was not changed to protect the guilty.

Thanks
Casey Dinsmore