Date: Wed, 7 Feb 2001 11:38:15 -0800
From: "Casey Dinsmore" <cdinsmore@vatyx.com>
To: <freebsd-security@freebsd.org>
Subject: Interesting ipfw response
Message-ID: <002301c0913d$8555d000$1717a8c0@netadmin>

I've had a couple interesting entries in my log lately and wonder if someone could shed some light on these. How is it that they are being rejected with rule number -1? If I am having a problem with an ipfw ruleset could someone offer recommendations to fix and prevent this?

Feb 4 14:25:22 axisintegrated /kernel: ipfw: -1 Refuse UDP 64.80.89.149:27015 1.1.1.1:1261 in via de0
Feb 4 14:25:22 axisintegrated /kernel: ipfw: -1 Refuse UDP 64.80.89.149:27015 1.1.1.1:1261 in via de0
Feb 6 09:24:31 axisintegrated /kernel: ipfw: -1 Refuse TCP 207.189.165.105:12336 1.1.1.1:22866 in via de0
Feb 6 09:24:31 axisintegrated /kernel: ipfw: -1 Refuse TCP 207.189.165.105:0 1.1.1.1:0 in via de0
Feb 6 09:24:38 axisintegrated /kernel: ipfw: -1 Refuse TCP 207.189.165.105:12336 1.1.1.1:22871 in via de0
Feb 6 09:24:42 axisintegrated /kernel: ipfw: -1 Refuse TCP 207.189.165.105:12336 1.1.1.1:23089 in via de0
Feb 6 09:24:42 axisintegrated /kernel: ipfw: -1 Refuse TCP 207.189.165.105:0 1.1.1.1:0 in via de0
Feb 6 17:04:44 axisintegrated /kernel: ipfw: -1 Refuse TCP 207.189.165.30:65533 1.1.1.1:256 in via de0
Feb 6 17:04:44 axisintegrated /kernel: ipfw: -1 Refuse TCP 207.189.165.30:65533 1.1.1.1:1023 in via de0
Feb 6 17:04:44 axisintegrated /kernel: ipfw: -1 Refuse TCP 207.189.165.30:0 1.1.1.1:0 in via de0

My IP was changed to 1.1.1.1 obviously and the scanner IP address was not changed to protect the guilty.

Thanks

Casey Dinsmore