Date: Sun, 9 Aug 1998 15:03:59 +0930 (CST)
From: Kris Kennaway <kkennawa@physics.adelaide.edu.au>
To: security@FreeBSD.ORG
Subject: Capturing IPFW denied packets
Message-ID: <Pine.OSF.3.90.980809145527.30908A-100000@bragg>

I've recently set up an ipfw firewall on my dialup box here, and have noticed some strange-looking packets coming back at me (and bouncing off a filter entry) when I've surfed some particular websites. One sent back a whole bunch of packets to the identd port when I just browsed a non-interactive document on their website, and another had their DNS try and contact mine, plus another dodgy-looking packet

ipfw: 1200 Deny TCP 203.63.152.26:30284 203.20.69.71:113 in via tun0
ipfw: 1200 Deny TCP 203.63.152.26:30284 203.20.69.71:113 in via tun0
... (19 of these)
ipfw: 2200 Deny TCP 209.67.27.71:53 203.20.69.71:53 in via tun0
ipfw: 2200 Deny TCP 209.67.27.71:7777 203.20.69.71:2044 in via tun0

Now, these may well be nothing to worry about, but I'm interested to know what the unsolicited packets have to say for themselves. Is there any way I can set things up to log the contents of the packets which fail the ipfw filter?

Can anyone think of legitimate reasons these sites might want to know my identity or information about my DNS, other than trying to harvest addresses for spammers?

Kris

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message
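
A triage pass over the deny lines quoted in the message, added here as an example (it is not part of the original post): it groups denied packets by rule, source host and destination port so repeated probes stand out. The function names and the two-entry port table are assumptions of this example.

```python
import re
from collections import Counter

# Line format as quoted in the message: rule number, action, protocol, endpoints, interface.
LINE_RE = re.compile(
    r"ipfw: (?P<rule>\d+) Deny (?P<proto>\S+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) (?P<dir>in|out) via (?P<iface>\S+)"
)
SERVICES = {53: "domain", 113: "ident"}  # fixed table, independent of /etc/services
# Lines 1, 2, 4 and 5 are from the message; line 3 is its own elision marker.
SAMPLE_LOG = """\
ipfw: 1200 Deny TCP 203.63.152.26:30284 203.20.69.71:113 in via tun0
ipfw: 1200 Deny TCP 203.63.152.26:30284 203.20.69.71:113 in via tun0
... (19 of these)
ipfw: 2200 Deny TCP 209.67.27.71:53 203.20.69.71:53 in via tun0
ipfw: 2200 Deny TCP 209.67.27.71:7777 203.20.69.71:2044 in via tun0
"""

def parse_line(line):
    """Return a dict for one Deny line, or None if the line does not match."""
    m = LINE_RE.search(line)  # search() tolerates a syslog timestamp prefix
    if m is None:
        return None
    rec = m.groupdict()
    rec.update({k: int(rec[k]) for k in ("rule", "sport", "dport")})
    return rec

def summarize(log_text):
    """Count denied packets per (rule, proto, source host, destination port)."""
    counts, skipped = Counter(), 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += 1  # elision markers and unrelated syslog lines
            continue
        counts[(rec["rule"], rec["proto"], rec["src"], rec["dport"])] += 1
    return counts, skipped

def report(log_text):
    """Render the summary, most frequent first, naming known destination ports."""
    counts, skipped = summarize(log_text)
    rows = [
        f"{n:3d}x rule {rule} {proto} {src} -> port {dport} ({SERVICES.get(dport, 'unlisted')})"
        for (rule, proto, src, dport), n in counts.most_common()
    ]
    rows.append(f"{skipped} line(s) not parsed")
    return rows

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```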