Date: Mon, 20 Aug 2001 13:24:57 -0700
From: "Crist J. Clark" <cristjc@earthlink.net>
To: Emlyn Murphy <emlyn@gsu.edu>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: yet another ipfw question
Message-ID: <20010820132457.J313@blossom.cjclark.org>
In-Reply-To: <20010820090010.A42499@chhsweb.gsu.edu>; from emlyn@gsu.edu on Mon, Aug 20, 2001 at 09:00:10AM -0400
References: <20010820090010.A42499@chhsweb.gsu.edu>

On Mon, Aug 20, 2001 at 09:00:10AM -0400, Emlyn Murphy wrote:
[snip]
> > 00900 1995 663805 deny ip from 0.0.0.0/8 to any in recv tl0

Most likely machines looking for DHCP servers. They use 0.0.0.0 as a
source address during the discover phase. I've also frequently seen
broken packets with source addresses in the 1-net coming in from the
Internet.

> > 01800 111327 6146217 deny ip from any to 240.0.0.0/4 in recv tl0

Local broadcasts (255.255.255.255) are going to fall into this
range. Other than that, there really shouldn't be much going on up
there in the Class E range.

> > 65435 183243 28291342 deny log logamount 100 ip from any to any

You're logging these, so you should see some of them. I assume this is
the default deny catching _everything_ that doesn't pass. There is
undoubtably a _lot_ of different stuff going on in here.

-- 
Crist J. Clark
cjclark@alum.mit.edu

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
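
Added example, not part of the original message or of ipfw itself: a small first-match evaluator over the three deny rules quoted above, run on constructed packets, to show which counter each kind of traffic lands on. It assumes every packet arrives "in recv tl0" and ignores the other rules of the poster's ruleset, which the thread does not show.

```python
import ipaddress

# The three deny rules quoted in the thread: (rule number, field tested, network).
# Assumption: interface and direction ("in recv tl0") match for every packet.
RULES = [
    (900, "src", ipaddress.ip_network("0.0.0.0/8")),
    (1800, "dst", ipaddress.ip_network("240.0.0.0/4")),
    (65435, "any", None),  # default deny, matches everything
]

def first_match(src, dst):
    """Return the number of the first rule the packet hits (ipfw stops there)."""
    pkt = {"src": ipaddress.ip_address(src), "dst": ipaddress.ip_address(dst)}
    for number, field, net in RULES:
        if net is None or pkt[field] in net:
            return number
    return None

def tally(packets):
    """Count hits per rule, like the packet column of 'ipfw show'."""
    counts = {number: 0 for number, _, _ in RULES}
    for src, dst, _note in packets:
        counts[first_match(src, dst)] += 1
    return counts

# Constructed sample traffic (addresses from documentation ranges).
SAMPLE = [
    ("0.0.0.0", "255.255.255.255", "DHCP discover"),
    ("0.0.0.0", "255.255.255.255", "DHCP discover, retry"),
    ("192.0.2.10", "255.255.255.255", "limited broadcast from a configured host"),
    ("192.0.2.10", "240.1.2.3", "stray packet to Class E"),
    ("198.51.100.7", "192.0.2.1", "traffic no earlier rule matched"),
]

if __name__ == "__main__":
    for src, dst, note in SAMPLE:
        print(f"{first_match(src, dst):>5}  {src:>15} -> {dst:<15}  {note}")
    print(tally(SAMPLE))
```

A DHCP discover is addressed to 255.255.255.255, so it would also match rule 1800, but it is counted on rule 900 because that rule comes first; rule 1800's counter only reflects broadcasts and Class E traffic from other source addresses.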