Date: Mon, 8 Jan 2001 23:42:46 -0800 From: "Crist J. Clark" <cjclark@reflexnet.net> To: Marc Silver <marcs@draenor.org> Cc: freebsd-security@FreeBSD.ORG Subject: Re: What do these mean? Message-ID: <20010108234245.J95729@rfx-64-6-211-149.users.reflexco> In-Reply-To: <20010109084540.Y94766@draenor.org>; from marcs@draenor.org on Tue, Jan 09, 2001 at 08:45:40AM %2B0200 References: <20010109084540.Y94766@draenor.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Jan 09, 2001 at 08:45:40AM +0200, Marc Silver wrote:
> Hi there,
>
> I wonder if someone could please explain the following to me:
>
> 00600 18 2253 (T 0, # 24) ty 0 tcp, x.x.x.x 3812 <-> 213.165.64.100 25
> 00600 25 6583 (T 0, # 33) ty 0 tcp, x.x.x.x 3809 <-> 204.216.28.88 25
> 00600 1349 912199 (T 0, # 61) ty 0 tcp, x.x.x.x 3805 <-> 193.233.48.66 15651
> 00600 24 4399 (T 0, # 101) ty 0 tcp, x.x.x.x 3819 <-> 196.2.146.4 6667
> 00500 44 13717 (T 0, # 117) ty 0 tcp, 196.14.168.230 1028 <-> x.x.x.x 22
> 00600 46 5247 (T 0, # 158) ty 0 tcp, x.x.x.x 3813 <-> 196.7.70.227 25
> 00600 7 1744 (T 0, # 186) ty 0 tcp, x.x.x.x 3804 <-> 193.233.48.66 47013
> 00600 1 40 (T 0, # 240) ty 0 tcp, x.x.x.x 3811 <-> 196.7.70.227 113
> 00500 13708 1276593 (T 300, # 244) ty 0 tcp, 196.14.168.229 2950 <-> x.x.x.x 22
> ^^^^^ ^^^^^^^^^^^^^^^^^^^^^^
> I simply dont understand what these mean. I'm guessing that
> they're counters, but I'm not 100% certain. Could someone please
> explain to me what they are. I'd really appreciate it, as it
> seems that some of these stateful rules simply never close even
> though there is no traffic going through them (or at least, there
> really shouldn't be 45 minutes after a mail has been sent etc).
>
> Please email me back as I'm not subscribed to this list.
> 00500 13708 1276593 (T 300, # 244) ty 0 tcp, 196.14.168.229 2950 <-> x.x.x.x 22
^^^^^ ^^^^^^^ ^^^ ^^^
packets bytes seconds number
The seconds are how long the rule has until it times out. It looks
like you have an active SSH going on. All of the other rules are
expired.
--
Crist J. Clark cjclark@alum.mit.edu
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010108234245.J95729>