From owner-freebsd-security  Mon Jul 16  5:18:14 2001
Delivered-To: freebsd-security@freebsd.org
Received: from c001.snv.cp.net (c001-h000.c001.snv.cp.net [209.228.32.114])
	by hub.freebsd.org (Postfix) with SMTP id 3806D37B401
	for <security@freebsd.org>; Mon, 16 Jul 2001 05:18:10 -0700 (PDT)
	(envelope-from ivan@al3ks4ndr0v.net)
Received: (cpmta 17115 invoked from network); 16 Jul 2001 05:18:00 -0700
Received: from unknown (HELO 212.111.70.23) (212.111.70.23)
  by smtp.al3ks4ndr0v.net (209.228.32.114) with SMTP; 16 Jul 2001 05:18:00 -0700
X-Sent: 16 Jul 2001 12:18:00 GMT
Date: Mon, 16 Jul 2001 18:17:21 +0600
From: Ivan <ivan@al3ks4ndr0v.net>
X-Mailer: The Bat! (v1.49) Personal
Reply-To: Ivan <ivan@al3ks4ndr0v.net>
Organization: dxxr
X-Priority: 3 (Normal)
Message-ID: <178309637.20010716181721@al3ks4ndr0v.net>
To: security@freebsd.org
Subject: log message.
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


Socks5 v1.0r11 listend on 6667 port
permit only 192.168.1.0/24.
also firewalled.
I receive messages from log:

Jul 16 13:16:39 bsd ircd[80482]: Connect to *[192.168.3.2] @192.168.3.2

# netstat -na
Proto Recv-Q Send-Q  Local Address          Foreign Address       
(state)
tcp4       0      0  192.168.1.1.3600     192.168.3.2.6667     SYN_SENT

add in ipfw list:
04000       0          0 deny ip from 192.168.3.2 to any

# traceroute 192.168.3.2
traceroute to 192.168.3.2 (192.168.3.2), 30 hops max, 40 byte packets
 1  192.168.10.5 (192.168.10.5)  1.237 ms  1.121 ms  1.083 ms
 2  192.168.0.2 (192.168.0.2)  2.805 ms  2.578 ms  2.554 ms
 3  192.168.10.5 (192.168.10.5)  4.819 ms  2.690 ms  3.085 ms
 4  192.168.0.2 (192.168.0.2)  4.039 ms  4.212 ms  4.069 ms
 5  192.168.10.5 (192.168.10.5)  4.077 ms  9.975 ms  4.082 ms
 6  192.168.0.2 (192.168.0.2)  5.594 ms  5.762 ms  5.456 ms
 7  192.168.10.5 (192.168.90.5)  5.590 ms  5.614 ms  11.071 ms
 8  192.168.0.2 (192.168.0.2)  7.042 ms  7.079 ms  6.866 ms
 9  192.168.10.5 (192.168.90.5)  6.934 ms  7.740 ms  6.921 ms
10  192.168.0.2 (192.168.0.2)  13.574 ms  8.517 ms  8.965 ms
11  192.168.10.5 (192.168.90.5)  8.649 ms  8.824 ms  8.886 ms
12  192.168.0.2 (192.168.0.2)  14.828 ms  9.912 ms  9.815 ms
..........

# ping 192.168.3.2      
PING 192.168.3.2 (192.168.3.2): 56 data bytes
36 bytes from 192.168.10.5: Time to live exceeded
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 5400 612a   0 0000  01  01 1fe5 192.168.1.1  192.168.3.2 

Jul 16 13:26:39 bsd ircd[80482]: Connect to *[192.168.3.2] @192.168.3.2

# netstat -na
Proto Recv-Q Send-Q  Local Address          Foreign Address       
(state)
tcp4       0      0  192.168.1.1.3601     192.168.3.2.6667     SYN_SENT

what this?
help..
  
-- 
Best regards,
 Ivan                          mailto:ivan@al3ks4ndr0v.net



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message