Date: Sat, 24 Mar 2001 11:10:00 -0500
From: Bill Moran <wmoran@iowna.com>
To: Jim Freeze <jim@freeze.org>
Cc: questions@FreeBSD.ORG
Subject: Re: Meaging of Security Check?
Message-ID: <3ABCC6D8.DAC386C3@iowna.com>
References: <Pine.BSF.4.32.0103240744350.32267-100000@www.stelesys.com>

Jim Freeze wrote:
>
> Hi:
>
> I received the following security check and was wondering what it means:
>
> eeyore1 security check output
>
> eeyore1 kernel log messages:
> > x3f8-0x3ff irq 4 flags 0x10 on isa
> > ipfw: 40 Accept TCP 157.95.47.65:776 24.9.218.175:22 in via vx0
> > ipfw: 65000 Deny UDP 24.9.218.175:68 24.2.7.70:67 out via vx0
> > ipfw: 65000 Deny UDP 24.9.218.175:68 24.2.7.70:67 out via vx0
>
> ...where the above is repeated for about 100 lines
>
> I looked up port 67 in /etc/services and it says:
>
> bootps 67/tcp dhcps #Bootstrap Protocol Server
> bootps 67/udp dhcps #Bootstrap Protocol Server
>
> nslookup says:
>
> % nslookup 24.2.7.70
> Server: proxy1.lxintn1.ky.home.com
> Address: 24.5.116.15
>
> Name: lh1.rdc1.tn.home.com
> Address: 24.2.7.70
>
> Can someone explain what is happening here?

(on a guess) it looks like you're getting broadcast traffic from some
systems on your network that do a network boot. That would be normal, as
the system has to broadcast its initial bootps request (since it doesn't
know who its boot server will be yet).

Probably a line in your firewall rules to deny incoming on port 67 would
be a little nicer, but overall I wouldn't worry about it.

The .home.com people, on the other hand, should feel stupid for letting
that kind of traffic reach your level.

-Bill
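
An added example, not part of the original message: a short Python script that collapses repeated ipfw log lines like the ones quoted above into one counted entry per rule, flow and direction, so a 100-line run in the security check output reads as a single line. The sample input is copied from the quoted output; the function names, the regular expression (TCP/UDP lines of this form only) and the small port-name table are assumptions of this example.

```python
import re
from collections import Counter

# Sample input: the log lines quoted in the message above (leading "> " is
# the marker the security check puts in front of new kernel log lines).
SAMPLE = """\
> x3f8-0x3ff irq 4 flags 0x10 on isa
> ipfw: 40 Accept TCP 157.95.47.65:776 24.9.218.175:22 in via vx0
> ipfw: 65000 Deny UDP 24.9.218.175:68 24.2.7.70:67 out via vx0
> ipfw: 65000 Deny UDP 24.9.218.175:68 24.2.7.70:67 out via vx0
"""

# Matches only "rule action proto src:port dst:port in|out via iface" lines;
# anything else (boot messages, other formats) is skipped.
LINE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)

# Small subset of /etc/services, enough to label the ports in the sample.
SERVICES = {22: "ssh", 67: "bootps", 68: "bootpc"}


def parse(text):
    """Yield one tuple per recognised ipfw log line."""
    for line in text.splitlines():
        m = LINE.search(line)
        if m:
            yield (int(m["rule"]), m["action"], m["proto"], m["src"],
                   int(m["sport"]), m["dst"], int(m["dport"]),
                   m["dir"], m["iface"])


def summarize(text):
    """Return [(flow_tuple, count), ...], most frequent first."""
    return Counter(parse(text)).most_common()


def report(text):
    """Render the summary as one human-readable line per distinct flow."""
    out = []
    for (rule, action, proto, src, sport, dst, dport, direction, iface), n \
            in summarize(text):
        svc = SERVICES.get(dport, str(dport))
        out.append(f"{n:4d}x rule {rule} {action} {proto} "
                   f"{src}:{sport} -> {dst}:{dport} ({svc}) "
                   f"{direction} via {iface}")
    return out


if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```
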