From owner-freebsd-questions Mon Feb 4 12:21:47 2002 Delivered-To: freebsd-questions@freebsd.org Received: from sage-american.com (sage-american.com [216.122.141.44]) by hub.freebsd.org (Postfix) with ESMTP id 3E44B37B434 for ; Mon, 4 Feb 2002 12:21:39 -0800 (PST) Received: from SAGEONE (adsl-64-219-21-232.dsl.crchtx.swbell.net [64.219.21.232]) by sage-american.com (8.9.3/8.9.3) with SMTP id OAA07058; Mon, 4 Feb 2002 14:21:35 -0600 (CST) Message-Id: <3.0.5.32.20020204142132.01917078@mail.sage-american.com> X-Sender: jacks@mail.sage-american.com X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32) Date: Mon, 04 Feb 2002 14:21:32 -0600 To: "Joe & Fhe Barbish" From: jacks@sage-american.com Subject: RE: Firewall Denies - w/info Cc: "FBSD" In-Reply-To: References: <3.0.5.32.20020204135700.01917078@mail.sage-american.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Guess my FWall is doing its job.... Forgot about the Trojan list.... thanks! At 03:06 PM 2.4.2002 -0500, Joe & Fhe Barbish wrote: >http://www.securitystats.com/tools/portsearch.asp > >It says 1024 = netspy trojan > >-----Original Message----- >From: owner-freebsd-questions@FreeBSD.ORG >[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of >jacks@sage-american.com >Sent: Monday, February 04, 2002 2:57 PM >To: freebsd-questions@freebsd.org >Subject: Firewall Denies - w/info > >Sheesh! Here are the denies with the questions again. Sorry! >I'm getrting a lot of these "denies" of outgoing UDP shown in my firewall >log. The lookups show they are NSLs or root.servers, but not MY >nameservers. Many are on port 1024, but not always (some on the samba >ports). > >Also, some try to go out on port 53, but not to MY nameservers.... > >Since it looks like the requests are coming from my machines, they look >harmless & wonder if I need the requests, and what could be asking for the >info. Does anyone know what these are for...??? ...or what is asking for >the info? > >Deny UDP 64.xxx.xx.xxx:1024 198.41.0.4:53 out via tun0 >Deny UDP 64.xxx.xx.xxx:1024 192.203.230.10:53 out via tun0 >Deny UDP 64.xxx.xx.xxx:1024 192.36.148.17:53 out via tun0 >Deny UDP 64.xxx.xx.xxx:1024 198.32.64.12:53 out via tun0 > >Best regards, >Jack L. Stone, >Server Admin > >=================================================== >Sage-American >http://www.sage-american.com >jacks@sage-american.com > >"My center is giving way, my right is in retreat; >....situation excellent! ....I shall attack!" >=================================================== > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-questions" in the body of the message > > > Best regards, Jack L. Stone, Server Admin =================================================== Sage-American http://www.sage-american.com jacks@sage-american.com "My center is giving way, my right is in retreat; ....situation excellent! ....I shall attack!" =================================================== To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message