From owner-freebsd-questions  Wed Dec 22 16:32:49 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from athserv.otenet.gr (athserv.otenet.gr [195.170.0.1])
	by hub.freebsd.org (Postfix) with ESMTP id 814011568A
	for <freebsd-questions@freebsd.org>; Wed, 22 Dec 1999 16:32:41 -0800 (PST)
	(envelope-from keramida@diogenis.ceid.upatras.gr)
Received: from localhost.hell.gr (patr530-a086.otenet.gr [195.167.115.86])
	by athserv.otenet.gr (8.9.3/8.9.3) with SMTP id CAA19358
	for <freebsd-questions@freebsd.org>; Thu, 23 Dec 1999 02:32:48 +0200 (EET)
Received: (qmail 3618 invoked by uid 1001); 22 Dec 1999 15:57:58 -0000
Date: Wed, 22 Dec 1999 17:57:58 +0200
From: Giorgos Keramidas <charon@hades.hell.gr>
To: Stan Brown <stanb@netcom.com>
Cc: Free BSD Questions list <freebsd-questions@freebsd.org>
Subject: Re: Strange ipfw rejects
Message-ID: <19991222175758.C2656@hades.hell.gr>
Reply-To: keramida@ceid.upatras.gr
References: <199912220224.SAA20988@netcom.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0pre3i
In-Reply-To: <199912220224.SAA20988@netcom.com>
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Tue, Dec 21, 1999 at 09:24:36PM -0500, Stan Brown wrote:
| 	I just set up a new gateway machine with ipfw. I have not been using
| 	any rules before. In the first day, I got the following recjects:
| 
| 
| ipfw: 2000 Deny TCP 24.8.246.24:4114 24.6.61.166:1243 in via ed1
| ipfw: 2000 Deny TCP 24.8.246.24:4114 24.6.61.166:1243 in via ed1
| ipfw: 2000 Deny TCP 24.2.41.157:3338 24.6.61.166:1243 in via ed1
| ipfw: 2000 Deny TCP 24.2.41.157:3338 24.6.61.166:1243 in via ed1
| ipfw: 2000 Deny TCP 24.6.249.75:3989 24.6.61.166:12345 in via ed1
| ipfw: 2000 Deny TCP 24.6.249.75:3989 24.6.61.166:12345 in via ed1
| ipfw: 2000 Deny TCP 24.8.159.59:3930 24.6.61.166:1243 in via ed1
| 
| 	All of these IP's are user machines on my cablemodem providers network.
| 	Any clues as to what these ports are?

Oh, just a few NetBus and SubSeven probes.  Usually originating in a
dark room, where a teenager has discovered all by himself, the beauty
of networking with Windows machines.

Your ipfw rules have a rule entry in number 2000, that rejects this
packets, so don't worry about it.  However, doing an

	# ipfw list

and trying to understand what the rules are there for, is a nice thing
to do.  Go for it ;)

-- 
Giorgos Keramidas, <keramida@ceid.upatras.gr>
"What we have to learn to do, we learn by doing." [Aristotle]


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message