Date: Wed, 22 Dec 1999 12:36:20 +0100 From: Jeroen Ruigrok van der Werven <asmodai@bart.nl> To: Stan Brown <stanb@netcom.com> Cc: Free BSD Questions list <freebsd-questions@FreeBSD.ORG> Subject: Re: Strange ipfw rejects Message-ID: <19991222123619.G38722@lucifer.bart.nl> In-Reply-To: <199912220224.SAA20988@netcom.com>; from stanb@netcom.com on Tue, Dec 21, 1999 at 09:24:36PM -0500 References: <199912220224.SAA20988@netcom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
-On [19991222 03:35], Stan Brown (stanb@netcom.com) wrote: >Dec 20 11:36:21 koala /kernel: ipfw: 2000 Deny TCP 24.8.246.24:4114 24.6.61.166:1243 in via ed1 >Dec 20 11:36:24 koala /kernel: ipfw: 2000 Deny TCP 24.8.246.24:4114 24.6.61.166:1243 in via ed1 >Dec 21 06:02:45 koala /kernel: ipfw: 2000 Deny TCP 24.2.41.157:3338 24.6.61.166:1243 in via ed1 >Dec 21 06:02:48 koala /kernel: ipfw: 2000 Deny TCP 24.2.41.157:3338 24.6.61.166:1243 in via ed1 >Dec 21 09:14:42 koala /kernel: ipfw: 2000 Deny TCP 24.6.249.75:3989 24.6.61.166:12345 in via ed1 >Dec 21 09:14:45 koala /kernel: ipfw: 2000 Deny TCP 24.6.249.75:3989 24.6.61.166:12345 in via ed1 >Dec 21 17:10:46 koala /kernel: ipfw: 2000 Deny TCP 24.8.159.59:3930 24.6.61.166:1243 in via ed1 > > All of these IP's are user machines on my cablemodem providers network. > Any clues as to what these ports are? 12345 = Netbus. A typical Windows trojan program. I'd say a note to abuse@yourisp.com is in order with full logs. HTH, -- Jeroen Ruigrok van der Werven Network- and systemadministrator <asmodai@bart.nl> bART Internet Services / Tel: +31 - (0) 10 - 240 39 70 VIA NET.WORKS Netherlands To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19991222123619.G38722>