Date:      Tue, 9 Oct 2001 11:24:18 +0200
From:      "Jonas Sonntag" <js@jonsonn.de>
To:        "Jonathan Chen" <jonathan.chen@itouch.co.nz>
Cc:        <freebsd-questions@freebsd.org>
Subject:   AW: rpc.statd: invalid hostname to sm_stat: ^X?y?.... + IPFW questions
Message-ID:  <KIEEILJCLAIJNFGECHJOMEOACBAA.js@jonsonn.de>
In-Reply-To: <20011009144605.B4925@jonc.itouch>

> Some script kiddie is attempting to overflow your portmapper. Why have
> you got it running attached to the 'Net?

i thought it to be closed !?

this is my current ipfw config where rl0 is the outside interface and xl0
connects the lan:

00100  3281039 2395988201 divert 8668 ip from any to any via rl0
00200     5418     235058 allow ip from any to any via lo0
00300 12328087 9850315840 allow ip from any to any via xl0
00400        2         96 deny tcp from any to me 25 via rl0 setup
00500        0          0 deny tcp from any to me 53 via rl0 setup
00600        2         96 deny tcp from any to me 110 via rl0 setup
00700       10        600 deny tcp from any to me 111 via rl0 setup
00800        8        384 deny tcp from any to me 139 via rl0 setup
00900        0          0 deny tcp from any to me 587 via rl0 setup
01000  3280075 2395948580 allow ip from any to any via rl0
65535      490     312763 deny ip from any to any

should i change rules for 111? or are there other ports the portmapper uses?
btw, i'd like to use this config for the rl0 interface:

$fwcmd add allow all from 192.168.0.0/24 to any via rl0
$fwcmd add allow tcp from any to me 1-65535 established via rl0
$fwcmd add allow tcp from any to me 21 setup via rl0
$fwcmd add allow tcp from any to me 22 setup via rl0
$fwcmd add allow tcp from any to me 80 setup via rl0
$fwcmd add allow icmp from any to any
$fwcmd add deny log ip from any to any

but when i activate this set of rules, syslog keeps saying:

natd[182]: failed to write packet back (Permission denied)
last message repeated 87 times

...and so on and the lan is disconnected from the internet until i
reload with the *deny-some-ports-and-allow-the-rest-config*

thanks for any help and advice!
js

> -----Original Message-----
> From: owner-freebsd-questions@FreeBSD.ORG
> [mailto:owner-freebsd-questions@FreeBSD.ORG] On Behalf Of Jonathan Chen
> Sent: Tuesday, 9 October 2001 03:46
> To: Jonas Sonntag
> Cc: freebsd-questions@freebsd.org
> Subject: Re: rpc.statd: invalid hostname to sm_stat: ^X?y?....
>
>
> On Tue, Oct 09, 2001 at 02:26:01AM +0200, Jonas Sonntag wrote:
> > hello
> > i just received this:
> >
> > Oct  9 02:13:19 jeannie rpc.statd: invalid hostname to sm_stat:
> > Oct  9 02:13:19 jeannie /kernel: M-^PM-^PM-^P
> >
> > should i take action?
>
> Some script kiddie is attempting to overflow your portmapper. Why have
> you got it running attached to the 'Net?
> --
> Jonathan Chen <jonathan.chen@itouch.co.nz>
> ----------------------------------------------------------------------
>                                           Experience is a hard teacher
>                because she gives the test first, the lesson afterwards
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
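
Added example, not part of the original message or of FreeBSD: a simplified first-match walk over the `ipfw show` listing quoted above, showing which rule decides a packet addressed to the host on rl0. It models only the rule shapes in that listing, treats the divert rule as non-terminal (natd re-injects and matching resumes at the next rule), and the test packets, including UDP port 1011, are constructed.

```python
import re

# Rules copied from the `ipfw show` listing in the message (counters dropped).
RULESET = """\
00100 divert 8668 ip from any to any via rl0
00200 allow ip from any to any via lo0
00300 allow ip from any to any via xl0
00400 deny tcp from any to me 25 via rl0 setup
00500 deny tcp from any to me 53 via rl0 setup
00600 deny tcp from any to me 110 via rl0 setup
00700 deny tcp from any to me 111 via rl0 setup
00800 deny tcp from any to me 139 via rl0 setup
00900 deny tcp from any to me 587 via rl0 setup
01000 allow ip from any to any via rl0
65535 deny ip from any to any
"""

RULE_RE = re.compile(
    r"^(?P<num>\d+) (?P<action>allow|deny|divert \d+) (?P<proto>\w+) "
    r"from any to (?:any|me)(?: (?P<port>\d+))?"
    r"(?: via (?P<iface>\w+))?(?P<setup> setup)?$"
)

def parse(ruleset):
    """Turn each rule line into a dict; fail loudly on an unmodelled shape."""
    rules = []
    for line in ruleset.splitlines():
        m = RULE_RE.match(line)
        if m is None:
            raise ValueError("unsupported rule: " + line)
        rules.append(m.groupdict())
    return rules

def first_match(rules, proto, dport, iface, syn=False):
    """Return (rule number, action) of the first terminal rule that matches
    a packet addressed to this host. syn=True means a TCP connection setup."""
    for r in rules:
        if r["proto"] not in ("ip", proto):
            continue                      # "tcp" rules never see UDP
        if r["port"] and int(r["port"]) != dport:
            continue
        if r["iface"] and r["iface"] != iface:
            continue
        if r["setup"] and not syn:
            continue                      # "setup" matches only the initial SYN
        if r["action"].startswith("divert"):
            continue                      # assumption: natd hands the packet back
        return r["num"], r["action"]
    return None

RULES = parse(RULESET)
```

With this listing, only a TCP SYN to port 111 stops at rule 00700; UDP to port 111 or to any other port on rl0 falls through to the allow at rule 01000.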

