From owner-freebsd-security  Tue Jun 13 16:25: 9 2000
Delivered-To: freebsd-security@freebsd.org
Received: from ocis.ocis.net (ocis.ocis.net [209.52.173.1])
	by hub.freebsd.org (Postfix) with ESMTP id B74C037BE5C
	for <security@FreeBSD.ORG>; Tue, 13 Jun 2000 16:25:05 -0700 (PDT)
	(envelope-from vdrifter@ocis.ocis.net)
Received: from localhost (vdrifter@localhost)
	by ocis.ocis.net (8.9.3/8.9.3) with ESMTP id QAA23121
	for <security@FreeBSD.ORG>; Tue, 13 Jun 2000 16:25:04 -0700
Date: Tue, 13 Jun 2000 16:25:04 -0700 (PDT)
From: John F Cuzzola <vdrifter@ocis.ocis.net>
To: security@FreeBSD.ORG
Subject: ipfw log entry
Message-ID: <Pine.LNX.4.21.0006131621210.22570-100000@ocis.ocis.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


Hi everyone,
On one of our firewalls numerous entries looking like this were logged:

ipfw: -1 Refuse TCP 209.1.224.16 107.13.119.32 in via ep3 Fragment = 147


I haven't seen this one before. Is this a packet that FreeBSD explicitly
blocks regardless of the firewall rules and if so what is its
intent/purpose? (Basically what I'm asking is does this look like hacker
activity).

Thanks




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message