Date: Wed, 13 Apr 2005 21:02:27 -0700
From: Sergei Gnezdov <use-reply-to@gnezdov.net>
To: freebsd-questions@freebsd.org
Subject: Re: How to interpret ipfw log?
Message-ID: <slrnd5rqqj.1vpk.use-reply-to@gnezdov.net>
References: <MIEPLLIBMLEEABPDBIEGKEBDHEAA.bob@a1poweruser.com> <1113426014.91701.18.camel@red.nativenerds.com>

On 2005-04-13, Ed Stover <estover@nativenerds.com> wrote:
> On Tue, 2005-04-12 at 23:28 -0400, bob@a1poweruser.com wrote:
>> Your ipfw rule 2500 is denying those outbound packets
>> 192.168.0.200:65117 is your ip address: port number
>> 65.87.165.45:5800 is the remote target ip address and port number
>> and this is leaving your pc on NIC named tx0
>> -----Original Message-----
>> From: owner-freebsd-questions@freebsd.org
>> [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Sergei
>> Gnezdov
>> Sent: Tuesday, April 12, 2005 11:08 PM
>> To: freebsd-questions@freebsd.org
>> Subject: How to interpret ipfw log?
>>
>> The following firewall log seems to make very little sense to me.
>> What could it possibly mean?
>>
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:65117
>> 65.87.165.45:5800 out via tx0
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:49761
>> 65.87.165.45:1003 out via tx0
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:50116
>> 65.87.165.45:1362 out via tx0
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:50055
>> 65.87.165.45:6101 out via tx0
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:62352
>> 65.87.165.45:888 out via tx0
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:61272
>> 65.87.165.45:969 out via tx0
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:58267
>> 65.87.165.45:471 out via tx0
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:54164
>> 65.87.165.45:1496 out via tx0
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:61306
>> 65.87.165.45:5716 out via tx0
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:64970
>> 65.87.165.45:281 out via tx0
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:64115
>> 65.87.165.45:106 out via tx0
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:62007
>> 65.87.165.45:284 out via tx0
> looks like nmap ;)

I don't remember running nmap. What are the chances that machine is compromised?