Date:      Tue, 17 Jul 2001 13:05:39 -0700
From:      "D. W. Piper" <dwplists@loop.com>
To:        <freebsd-security@FreeBSD.ORG>
Subject:   Another question on IPFW Rule -1
Message-ID:  <03a401c10efb$dd2eda60$213cd3cf@loop.com>
References:  <200105181518.WAA12362@bazooka.cs.ait.ac.th> <046c01c0dfc0$833e7fc0$213cd3cf@loop.com>

Originally I'd asked whether IPFW rule -1 always indicated an attack
because for the last few weeks we've been seeing the following entries
in the IPFW logs on two of our servers:

ipfw: -1 Refuse TCP aaa.bbb.ccc.ddd www.xxx.yyy.zzz in via de0 Fragment = 184

Yesterday for example it happened for about 25 minutes on the primary
mail server, then when it stopped happening on that server it happened
for about 20 minutes on one of our secondary mail servers.

As I said earlier, this has been going on for the last few weeks, always
from the same IP address, always to the same two of our servers, and
always with "Fragment = 184".

Can anyone shed any light on what's going on here?

Is it significant that it's always "Fragment = 184"?  (Is that the
number of the fragment, or if not what does it mean?)

Thank you,

David

