Date: Mon, 20 Aug 2001 09:00:10 -0400
From: Emlyn Murphy <emlyn@gsu.edu>
To: freebsd-security@freebsd.org
Subject: yet another ipfw question
Message-ID: <20010820090010.A42499@chhsweb.gsu.edu>

Greetings all,
I have a probably easily answerable question about repeatedly
denied packets. I run a web server which I use ipfw on to leave open
only the ports I use (undoubtedly a common scenario). The only weird
thing is, every day I get the exact same denied packets. To me, it
doesn't seem like a potential problem, but I am still curious as to
what causes this sort of thing. This is what I get for the denied
packets when the security report runs:
> 00900 1995 663805 deny ip from 0.0.0.0/8 to any in recv tl0
> 01800 111327 6146217 deny ip from any to 240.0.0.0/4 in recv tl0
> 65435 183243 28291342 deny log logamount 100 ip from any to any
Which is obviously caught by this set of rules (this is only a snippet of my
rules):
# Stop draft-manning-dsua-01.txt nets on the outside interface
$fwcmd add deny all from 0.0.0.0/8 to any in via $oif
$fwcmd add deny all from 169.254.0.0/16 to any in via $oif
$fwcmd add deny all from 192.0.2.0/24 to any in via $oif
$fwcmd add deny all from 224.0.0.0/4 to any in via $oif
$fwcmd add deny all from 240.0.0.0/4 to any in via $oif
$fwcmd add deny all from any to 0.0.0.0/8 in via $oif
$fwcmd add deny all from any to 169.254.0.0/16 in via $oif
$fwcmd add deny all from any to 192.0.2.0/24 in via $oif
$fwcmd add deny all from any to 224.0.0.0/4 in via $oif
$fwcmd add deny all from any to 240.0.0.0/4 in via $oif
I'm in a rather chaotic university environment, so I have come to
expect a certain amount of weird stuff like this. I was just
wondering if anyone could explain what sort of programs cause this
repetitive behavior.
Thanks in advance!
--
Emlyn Murphy <emlyn@gsu.edu>
http://www.emlyn.net/
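
An added example, not part of the original message: it parses the three counter lines quoted in the security report, computes the mean bytes per packet for each rule, and reports which special-purpose addresses fall inside each rule's source or destination network. The function names, the regular expression and the `SPECIAL` table are assumptions of this example.

```python
import ipaddress
import re

# Counter lines copied from the security report quoted in the message.
REPORT = """\
00900 1995 663805 deny ip from 0.0.0.0/8 to any in recv tl0
01800 111327 6146217 deny ip from any to 240.0.0.0/4 in recv tl0
65435 183243 28291342 deny log logamount 100 ip from any to any
"""

# Special-purpose addresses to test against each rule (chosen for this example).
SPECIAL = {
    "0.0.0.0": "unspecified source, used by a host that has no address yet",
    "255.255.255.255": "limited broadcast",
}

# rule number, packet count, byte count, action, optional log clause, proto, src, dst
LINE = re.compile(
    r"^(?P<rule>\d+)\s+(?P<pkts>\d+)\s+(?P<bytes>\d+)\s+(?P<action>\w+)\s+"
    r"(?:log\s+(?:logamount\s+\d+\s+)?)?(?P<proto>\S+)\s+"
    r"from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)"
)

def parse_counters(report):
    """Return one dict per counter line, with mean bytes per packet in 'avg'."""
    rows = []
    for line in report.splitlines():
        m = LINE.match(line.strip())
        if m is None:
            continue  # not a counter line
        row = m.groupdict()
        row["pkts"], row["bytes"] = int(row["pkts"]), int(row["bytes"])
        row["avg"] = round(row["bytes"] / row["pkts"], 1) if row["pkts"] else 0.0
        rows.append(row)
    return rows

def special_matches(spec):
    """List the SPECIAL addresses that fall inside an ipfw address spec."""
    if spec == "any":
        return []  # 'any' says nothing about which addresses were seen
    net = ipaddress.ip_network(spec, strict=False)
    return [a for a in SPECIAL if ipaddress.ip_address(a) in net]

if __name__ == "__main__":
    for r in parse_counters(REPORT):
        print(f"rule {r['rule']}: {r['pkts']} pkts, {r['avg']} bytes/pkt on average")
        for side in ("src", "dst"):
            for addr in special_matches(r[side]):
                print(f"  {side} {r[side]} covers {addr} ({SPECIAL[addr]})")
```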
