Date: Tue, 7 Aug 2001 07:30:48 -0400 (EDT)
From: Dru <genisis@istar.ca>
To: User & Ian Patrick Thomas <ipthomas_77@yahoo.com>
Cc: <freebsd-questions@FreeBSD.ORG>
Subject: Re: Is this what the Code Red II worm does?
Message-ID: <20010807072420.C25077-100000@x1-6-00-50-ba-de-36-33.kico1.on.home.com>
In-Reply-To: <20010806234045.A340@localhost>

On Mon, 6 Aug 2001, User & Ian Patrick Thomas wrote:

> After doing an ipfw show after rebooting, I noticed the following
>
> 00106 5 216 (T 0, # 81) ty 0 tcp, 24.49.81.9 4061 <-> 24.49.117.213 80
> 00106 5 216 (T 0, # 174) ty 0 tcp, 24.240.245.40 2819 <-> 24.49.117.213 80
> 00106 5 216 (T 0, # 198) ty 0 tcp, 24.218.162.152 3547 <-> 24.49.117.213 80
>
> this is the ruleset it matched
>
> 00106 43 3202 allow tcp from any to any keep-state setup

<snip>

Hi Ian,

On a sidenote, you might want to consider adding the word "out" to that rule between the words "keep-state" and "setup". Until you specify a direction, that rule works both ways.

Cheers,

Dru
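One way to audit for the effect described in the reply above, as an added example that is not part of the original message: the script reads `ipfw show` text, lists dynamic (keep-state) entries that point at the local address, and flags static keep-state rules that name no direction. It assumes 24.49.117.213 is the poster's own address and that the left side of `<->` is the connection initiator; the function names and the outbound sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `ipfw show` output for keep-state entries that were
# opened by a remote host toward this machine.

# Constructed sample: the static rule and three dynamic entries quoted in the
# message, plus one constructed outbound entry (192.0.2.10) for contrast.
SAMPLE='00106 43 3202 allow tcp from any to any keep-state setup
00106 5 216 (T 0, # 81) ty 0 tcp, 24.49.81.9 4061 <-> 24.49.117.213 80
00106 5 216 (T 0, # 174) ty 0 tcp, 24.240.245.40 2819 <-> 24.49.117.213 80
00106 5 216 (T 0, # 198) ty 0 tcp, 24.218.162.152 3547 <-> 24.49.117.213 80
00106 9 812 (T 0, # 12) ty 0 tcp, 24.49.117.213 1045 <-> 192.0.2.10 25'

# inbound_states HOST_IP
# Reads `ipfw show` text on stdin and prints
#   "rule remote_ip remote_port local_port"
# for every dynamic entry whose right-hand address is HOST_IP.
# Assumption: the left-hand side of "<->" sent the first packet.
inbound_states() {
    awk -v host="$1" '
        {
            # Dynamic entries are the lines carrying a "<->" field.
            for (i = 1; i <= NF; i++) if ($i == "<->") {
                if ($(i+1) == host) print $1, $(i-2), $(i-1), $(i+2)
                break
            }
        }'
}

# directionless_keep_state
# Reads `ipfw show` text on stdin and prints the number of each static rule
# that uses keep-state without an "in" or "out" keyword.
directionless_keep_state() {
    awk '
        /<->/ { next }                       # skip dynamic entries
        / keep-state/ && !/ (in|out)( |$)/ { print $1 }'
}

# Stand-alone run on the constructed sample.
echo "Remote-initiated states toward 24.49.117.213:"
printf '%s\n' "$SAMPLE" | inbound_states 24.49.117.213
echo "Static keep-state rules with no direction:"
printf '%s\n' "$SAMPLE" | directionless_keep_state
```

On a live host, pipe `ipfw show` into either function in place of the sample text.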