Date:      Tue, 1 Jan 2002 16:46:20 -0500
From:      "Joe & Fhe Barbish" <barbish@a1poweruser.com>
To:        "Brian Whalen" <bri@sonicboom.org>
Cc:        "FBSD Questions" <questions@FreeBSD.ORG>
Subject:   RE: IPFW UDP port# 520
Message-ID:  <LPBBIGIAAKKEOEJOLEGOAEPGCKAA.barbish@a1poweruser.com>
In-Reply-To: <20020101133355.F3347-100000@5131-073-209.015.popsite.net>

I did not put the real IP address in the post, just changed 
the numbers to protect myself. 
The ISP's real IP address does do a reverse DNS OK.

This machine is a virgin install of FBSD that has never been connected to 
the internet without a firewall. There's no way that the Ripper 
Trojan could have infested my box. The 520's I am receiving can 
only be from my ISP's router. 

What ipfw rules do I need to respond to make that router 
happy and shut up?


-----Original Message-----
From: Brian Whalen [mailto:bri@sonicboom.org]
Sent: Tuesday, January 01, 2002 4:36 PM
To: Joe & Fhe Barbish
Cc: FBSD Questions
Subject: Re: IPFW UDP port# 520

Well I'd be a little suspicious due to the lack of a reverse DNS entry for
that IP.  According to ARIN, that IP belongs to Alexia Internet.  This
your ISP?  Is that IP your gateway for traffic back out?

Brian "Sonic" Whalen
Success = Preparation + Opportunity


On Tue, 1 Jan 2002, Joe & Fhe Barbish wrote:

> Happy new year to all FBSD list readers.
>
> I see in my security log a lot of denied packets over and
> over again of the same kind.
>
> Deny UDP 208.203.25.3:520 63.163.61.14:520 in via tun0
>
> 208.203.25.3 is my ISP's IP address and 63.163.61.14 is my IP address.
>
> When I look up what port 520 is it says a local routing process
> or Trojan Ripper.  I think it's my ISP's front door router
> inquiring if I am still there.
> Since my firewall is denying the request it just keeps repeating.
>
> How can I be sure it's my ISP's router and not the Ripper Trojan?
>
> What rules do I need to add to my IPFW rule set to resolve this?
>
> Thanks
>
> Joe
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>
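
Added example, not part of the original thread: one way to check whether logged denials like the one quoted above match the pattern of unsolicited RIP updates (source and destination port both 520, arriving about every 30 seconds). The syslog prefix, host name, rule number, timestamps and addresses in the sample are constructed; a match is consistent with a RIP speaker but does not authenticate the sender, since UDP source addresses can be forged.

```python
import re
from datetime import datetime
from statistics import median

# Constructed sample: the "Deny UDP a:p b:p in via if" part follows the line
# quoted in the thread; everything before it is an assumed syslog prefix.
SAMPLE_LOG = """\
Jan  1 16:30:02 gw /kernel: ipfw: 500 Deny UDP 192.0.2.1:520 198.51.100.14:520 in via tun0
Jan  1 16:30:31 gw /kernel: ipfw: 500 Deny UDP 192.0.2.1:520 198.51.100.14:520 in via tun0
Jan  1 16:31:03 gw /kernel: ipfw: 500 Deny UDP 192.0.2.1:520 198.51.100.14:520 in via tun0
Jan  1 16:31:32 gw /kernel: ipfw: 500 Deny UDP 192.0.2.1:520 198.51.100.14:520 in via tun0
Jan  1 16:31:40 gw /kernel: ipfw: 500 Deny UDP 203.0.113.9:31337 198.51.100.14:520 in via tun0
Jan  1 16:31:41 gw /kernel: ipfw: 500 Deny UDP 203.0.113.9:31338 198.51.100.14:520 in via tun0
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8}).*?Deny UDP "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"in via (?P<ifc>\S+)"
)

def classify(log_text, year=2002):
    """Label each source of denied UDP/520 traffic 'rip-like' or 'review'.

    syslog timestamps carry no year, so one is assumed via `year`.
    """
    seen = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m or m["dport"] != "520":
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        seen.setdefault(m["src"], []).append((ts, m["sport"]))

    report = {}
    for src, hits in seen.items():
        times = sorted(t for t, _ in hits)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # Unsolicited RIP updates use port 520 at both ends (RFC 2453).
        from_520 = all(sport == "520" for _, sport in hits)
        # The RIP update timer is 30 s with a few seconds of jitter.
        periodic = bool(gaps) and 25 <= median(gaps) <= 35
        report[src] = "rip-like" if from_520 and periodic else "review"
    return report

if __name__ == "__main__":
    for src, verdict in classify(SAMPLE_LOG).items():
        print(src, verdict)
```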

