Re: How to interpret ipfw log?

2005-04-14 Thread Clement Twine
[...]
>>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:64970
>>> 65.87.165.45:281 out via tx0
>>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:64115
>>> 65.87.165.45:106 out via tx0
>>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:62007
>>> 65.87.165.45:284 out via tx0
>>
>> looks like nmap ;)
>
> I don't remember running nmap.  What are the chances that
> machine is compromised?

zero chances - your firewall denied the intruder anyway :-)

clem.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: How to interpret ipfw log?

2005-04-13 Thread Sergei Gnezdov
On 2005-04-13, Ed Stover <[EMAIL PROTECTED]> wrote:
> On Tue, 2005-04-12 at 23:28 -0400, [EMAIL PROTECTED] wrote:
>> Your ipfw rule 2500 is denying those outbound packets
>> 192.168.0.200:65117  is your ip address: port number
>> 65.87.165.45:5800 is the remote target ip address and port number
>> and this is leaving your pc on NIC  named tx0
>> -Original Message-
>> From: [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED] Behalf Of Sergei
>> Gnezdov
>> Sent: Tuesday, April 12, 2005 11:08 PM
>> To: freebsd-questions@freebsd.org
>> Subject: How to interpret ipfw log?
>> 
>> The following firewall log seems to make very little sense to me.
>> What could it possibly mean?
>> 
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:65117
>> 65.87.165.45:5800 out via tx0
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:49761
>> 65.87.165.45:1003 out via tx0
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:50116
>> 65.87.165.45:1362 out via tx0
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:50055
>> 65.87.165.45:6101 out via tx0
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:62352
>> 65.87.165.45:888 out via tx0
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:61272
>> 65.87.165.45:969 out via tx0
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:58267
>> 65.87.165.45:471 out via tx0
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:54164
>> 65.87.165.45:1496 out via tx0
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:61306
>> 65.87.165.45:5716 out via tx0
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:64970
>> 65.87.165.45:281 out via tx0
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:64115
>> 65.87.165.45:106 out via tx0
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:62007
>> 65.87.165.45:284 out via tx0

> looks like nmap ;)

I don't remember running nmap.  What are the chances that machine is
compromised?



RE: How to interpret ipfw log?

2005-04-13 Thread Ed Stover
On Tue, 2005-04-12 at 23:28 -0400, [EMAIL PROTECTED] wrote:
> Your ipfw rule 2500 is denying those outbound packets
> 192.168.0.200:65117  is your ip address: port number
> 65.87.165.45:5800 is the remote target ip address and port number
> and this is leaving your pc on NIC  named tx0
> 
> 
> 
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Sergei
> Gnezdov
> Sent: Tuesday, April 12, 2005 11:08 PM
> To: freebsd-questions@freebsd.org
> Subject: How to interpret ipfw log?
> 
> The following firewall log seems to make very little sense to me.
> What could it possibly mean?
> 
> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:65117
> 65.87.165.45:5800 out via tx0
> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:49761
> 65.87.165.45:1003 out via tx0
> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:50116
> 65.87.165.45:1362 out via tx0
> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:50055
> 65.87.165.45:6101 out via tx0
> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:62352
> 65.87.165.45:888 out via tx0
> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:61272
> 65.87.165.45:969 out via tx0
> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:58267
> 65.87.165.45:471 out via tx0
> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:54164
> 65.87.165.45:1496 out via tx0
> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:61306
> 65.87.165.45:5716 out via tx0
> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:64970
> 65.87.165.45:281 out via tx0
> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:64115
> 65.87.165.45:106 out via tx0
> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:62007
> 65.87.165.45:284 out via tx0
> 
looks like nmap ;)



RE: How to interpret ipfw log?

2005-04-12 Thread bob
Your ipfw rule 2500 is denying those outbound packets
192.168.0.200:65117  is your ip address: port number
65.87.165.45:5800 is the remote target ip address and port number
and this is leaving your pc on NIC  named tx0




-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Sergei
Gnezdov
Sent: Tuesday, April 12, 2005 11:08 PM
To: freebsd-questions@freebsd.org
Subject: How to interpret ipfw log?

The following firewall log seems to make very little sense to me.
What could it possibly mean?

Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:65117
65.87.165.45:5800 out via tx0
Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:49761
65.87.165.45:1003 out via tx0
Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:50116
65.87.165.45:1362 out via tx0
Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:50055
65.87.165.45:6101 out via tx0
Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:62352
65.87.165.45:888 out via tx0
Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:61272
65.87.165.45:969 out via tx0
Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:58267
65.87.165.45:471 out via tx0
Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:54164
65.87.165.45:1496 out via tx0
Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:61306
65.87.165.45:5716 out via tx0
Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:64970
65.87.165.45:281 out via tx0
Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:64115
65.87.165.45:106 out via tx0
Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:62007
65.87.165.45:284 out via tx0

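An added example, not part of any message in this thread: a Python parser for the log layout bob breaks down (rule number, action, protocol, source, destination, direction, NIC), which then groups denied packets by second, source, destination and direction and reports any group that touches many distinct destination ports, the pattern Ed compared to nmap. The regex assumes a one-word action and IPv4 TCP/UDP lines with ports, as in the thread; the last sample line and the `min_ports` threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Layout of the lines quoted in the thread:
#   <date> <host> kernel: ipfw: <rule> <action> <proto> <src>:<port> <dst>:<port> <dir> via <nic>
# Assumption: one-word action and IPv4 TCP/UDP with ports, as in the thread.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+kernel:\s+ipfw:\s+"
    r"(?P<rule>\d+)\s+(?P<action>\w+)\s+(?P<proto>\w+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s+"
    r"(?P<dir>in|out)\s+via\s+(?P<nic>\S+)$"
)

# First six lines are from the thread (unwrapped); the last one is constructed.
SAMPLE = """\
Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:65117 65.87.165.45:5800 out via tx0
Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:49761 65.87.165.45:1003 out via tx0
Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:50116 65.87.165.45:1362 out via tx0
Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:50055 65.87.165.45:6101 out via tx0
Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:62352 65.87.165.45:888 out via tx0
Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:61272 65.87.165.45:969 out via tx0
Apr 11 04:30:12 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:51000 192.0.2.10:25 out via tx0
"""

def parse(line):
    """Return the fields of one ipfw log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec

def fan_out(lines, min_ports=5):
    """Group denied packets by (second, src, dst, dir) and keep the groups
    that touch at least min_ports distinct destination ports."""
    ports = defaultdict(set)
    for rec in filter(None, map(parse, lines)):
        if rec["action"] == "Deny":
            ports[(rec["ts"], rec["src"], rec["dst"], rec["dir"])].add(rec["dport"])
    return {k: sorted(v) for k, v in ports.items() if len(v) >= min_ports}

if __name__ == "__main__":
    for (ts, src, dst, direction), dports in fan_out(SAMPLE.splitlines()).items():
        print(f"{ts} {src} -> {dst} ({direction}): {len(dports)} ports {dports}")
```

The direction field is kept in the grouping key because it tells you which side of the firewall the burst came from: `out` with a local source address means the packets originated on, or were routed through, the logging host.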