Re: How to interpret ipfw log?
[...]
>>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:64970 65.87.165.45:281 out via tx0
>>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:64115 65.87.165.45:106 out via tx0
>>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:62007 65.87.165.45:284 out via tx0
>> looks like nmap ;)
> I don't remember running nmap.
> What are the chances that machine is compromised?

zero chances - your firewall denied the intruder anyway :-)

clem.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: How to interpret ipfw log?
On 2005-04-13, Ed Stover <[EMAIL PROTECTED]> wrote:
> On Tue, 2005-04-12 at 23:28 -0400, [EMAIL PROTECTED] wrote:
>> Your ipfw rule 2500 is denying those outbound packets
>> 192.168.0.200:65117 is your ip address: port number
>> 65.87.165.45:5800 is the remote target ip address and port number
>> and this is leaving your pc on NIC named tx0
>>
>> -----Original Message-----
>> From: [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED] Behalf Of Sergei Gnezdov
>> Sent: Tuesday, April 12, 2005 11:08 PM
>> To: freebsd-questions@freebsd.org
>> Subject: How to interpret ipfw log?
>>
>> The following firewall log seems to make very little sense to me.
>> What could it possibly mean?
>>
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:65117 65.87.165.45:5800 out via tx0
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:49761 65.87.165.45:1003 out via tx0
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:50116 65.87.165.45:1362 out via tx0
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:50055 65.87.165.45:6101 out via tx0
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:62352 65.87.165.45:888 out via tx0
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:61272 65.87.165.45:969 out via tx0
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:58267 65.87.165.45:471 out via tx0
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:54164 65.87.165.45:1496 out via tx0
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:61306 65.87.165.45:5716 out via tx0
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:64970 65.87.165.45:281 out via tx0
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:64115 65.87.165.45:106 out via tx0
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:62007 65.87.165.45:284 out via tx0
> looks like nmap ;)

I don't remember running nmap.
What are the chances that machine is compromised?

RE: How to interpret ipfw log?
On Tue, 2005-04-12 at 23:28 -0400, [EMAIL PROTECTED] wrote:
> Your ipfw rule 2500 is denying those outbound packets
> 192.168.0.200:65117 is your ip address: port number
> 65.87.165.45:5800 is the remote target ip address and port number
> and this is leaving your pc on NIC named tx0
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Sergei Gnezdov
> Sent: Tuesday, April 12, 2005 11:08 PM
> To: freebsd-questions@freebsd.org
> Subject: How to interpret ipfw log?
>
> The following firewall log seems to make very little sense to me.
> What could it possibly mean?
>
> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:65117 65.87.165.45:5800 out via tx0
> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:49761 65.87.165.45:1003 out via tx0
> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:50116 65.87.165.45:1362 out via tx0
> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:50055 65.87.165.45:6101 out via tx0
> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:62352 65.87.165.45:888 out via tx0
> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:61272 65.87.165.45:969 out via tx0
> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:58267 65.87.165.45:471 out via tx0
> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:54164 65.87.165.45:1496 out via tx0
> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:61306 65.87.165.45:5716 out via tx0
> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:64970 65.87.165.45:281 out via tx0
> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:64115 65.87.165.45:106 out via tx0
> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:62007 65.87.165.45:284 out via tx0

looks like nmap ;)

RE: How to interpret ipfw log?
Your ipfw rule 2500 is denying those outbound packets
192.168.0.200:65117 is your ip address: port number
65.87.165.45:5800 is the remote target ip address and port number
and this is leaving your pc on NIC named tx0

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Sergei Gnezdov
Sent: Tuesday, April 12, 2005 11:08 PM
To: freebsd-questions@freebsd.org
Subject: How to interpret ipfw log?

The following firewall log seems to make very little sense to me.
What could it possibly mean?

Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:65117 65.87.165.45:5800 out via tx0
Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:49761 65.87.165.45:1003 out via tx0
Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:50116 65.87.165.45:1362 out via tx0
Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:50055 65.87.165.45:6101 out via tx0
Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:62352 65.87.165.45:888 out via tx0
Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:61272 65.87.165.45:969 out via tx0
Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:58267 65.87.165.45:471 out via tx0
Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:54164 65.87.165.45:1496 out via tx0
Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:61306 65.87.165.45:5716 out via tx0
Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:64970 65.87.165.45:281 out via tx0
Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:64115 65.87.165.45:106 out via tx0
Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:62007 65.87.165.45:284 out via tx0
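
Added example, not part of the thread and not ipfw's own code: a Python parser for the log fields explained in the reply above (rule number, action, protocol, source and destination address:port, direction, interface), which then groups entries to show the "one source, one destination, many ports in the same second" pattern that prompted the nmap remark. The sample is constructed from four of the lines quoted in the thread; the function names and the `min_ports` threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: four of the log lines quoted in the thread.
SAMPLE_LOG = """\
Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:65117 65.87.165.45:5800 out via tx0
Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:49761 65.87.165.45:1003 out via tx0
Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:50116 65.87.165.45:1362 out via tx0
Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:62352 65.87.165.45:888 out via tx0
"""

# Fields, left to right: syslog timestamp, host, rule number, action,
# protocol, source ip:port, destination ip:port, direction, interface.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) kernel: ipfw: "
    r"(?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)$"
)

def parse_line(line):
    """Return the fields of one ipfw log line as a dict, or None if the
    line is not in the address:port form shown in the thread."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("rule", "sport", "dport"):
        rec[key] = int(rec[key])
    return rec

def scan_like(log_text, min_ports=3):
    """Group TCP entries by (timestamp, source, destination, direction) and
    return the groups that touch at least min_ports distinct destination
    ports. The threshold is an assumed heuristic, not an ipfw setting."""
    ports = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["proto"] == "TCP":
            key = (rec["ts"], rec["src"], rec["dst"], rec["dir"])
            ports[key].add(rec["dport"])
    return {k: sorted(v) for k, v in ports.items() if len(v) >= min_ports}

if __name__ == "__main__":
    for (ts, src, dst, direction), dports in scan_like(SAMPLE_LOG).items():
        print(f"{ts} {src} -> {dst} ({direction}): {len(dports)} ports {dports}")
```

Because the direction is `out` and the source is the local address, a group reported here describes traffic the host itself originated, which is the detail the log alone cannot attribute to a particular process.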