From owner-freebsd-isp Tue Apr 24 15:41:54 2001 Delivered-To: freebsd-isp@freebsd.org Received: from aspenworks.com (aspenworks.com [192.94.236.1]) by hub.freebsd.org (Postfix) with ESMTP id 0C30237B422 for ; Tue, 24 Apr 2001 15:41:51 -0700 (PDT) (envelope-from alex@aspenworks.com) Received: from d7k ([66.28.18.7]) by aspenworks.com (8.9.3/8.9.3) with SMTP id QAA44476; Tue, 24 Apr 2001 16:41:34 -0600 (MDT) (envelope-from alex@aspenworks.com) Message-ID: <005301c0cd0f$a980fbe0$07121c42@d7k> From: "Alex Huppenthal" To: "Rowan Crowe" , References: Subject: Re: IPFW ? hacked? Date: Tue, 24 Apr 2001 16:41:08 -0600 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Rowan, Thanks for sharing that observation. It concerned me that the numbers kept rising. As I recall, I added the pipe while the system was updating from cvsup. It would be nice if the listed connection was the latest connection. Cheers, - Alex ----- Original Message ----- From: "Rowan Crowe" To: Sent: Tuesday, April 24, 2001 4:17 PM Subject: Re: IPFW ? hacked? > On Tue, 24 Apr 2001, alex huppenthal wrote: > > > I setup a pipe - number 5, and set the bandwidth to 20Mbits. > > > > Interestingly, I see 205.149.189.91 as a destination IP address at port 5999 > > collecting data from x.x.18.3 > > > > I don't know 205.149.189.91 or have any process running to that site. > > However, the numbers are increasing. > > > > Anyone seen this behavior? > > > > 00005: 20.000 Mbit/s 0 ms 50 sl. 1 queues (1 buckets) droptail > > mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000 > > BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte > > Drp > > 0 tcp x.x.18.3/1027 205.149.189.91/5999 76043 19344253 0 0 > > 0 > > Yes. I experimented with 4.x dummynet shaping on a popular web site, and > it seems the first IP:port to run through the pipe gets shown, as above, > for the life of that pipe. The byte/packet count is NOT specific to that > single IP:port, it's everything travelling through the pipe. I'm not sure > why this display is considered useful (?). If you delete and redo the pipe > you'll probably get a different IP showing, so I wouldn't be too concerned > about it... do some local testing with known IPs if you want to follow it > up further? > > Cheers. > > > -- > Rowan Crowe http://www.rowan.sensation.net.au/ > Sensation Internet Services http://info.sensation.net.au/ > Melbourne, Australia Phone: +61-3-9388-9260 > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message