From: "Crist J. Clark"
Date: Mon, 8 Jan 2001 23:42:46 -0800
To: Marc Silver
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: What do these mean?
Reply-To: cjclark@alum.mit.edu

On Tue, Jan 09, 2001 at 08:45:40AM +0200, Marc Silver wrote:
> Hi there,
>
> I wonder if someone could please explain the following to me:
>
> 00600 18 2253 (T 0, # 24) ty 0 tcp, x.x.x.x 3812 <-> 213.165.64.100 25
> 00600 25 6583 (T 0, # 33) ty 0 tcp, x.x.x.x 3809 <-> 204.216.28.88 25
> 00600 1349 912199 (T 0, # 61) ty 0 tcp, x.x.x.x 3805 <-> 193.233.48.66 15651
> 00600 24 4399 (T 0, # 101) ty 0 tcp, x.x.x.x 3819 <-> 196.2.146.4 6667
> 00500 44 13717 (T 0, # 117) ty 0 tcp, 196.14.168.230 1028 <-> x.x.x.x 22
> 00600 46 5247 (T 0, # 158) ty 0 tcp, x.x.x.x 3813 <-> 196.7.70.227 25
> 00600 7 1744 (T 0, # 186) ty 0 tcp, x.x.x.x 3804 <-> 193.233.48.66 47013
> 00600 1 40 (T 0, # 240) ty 0 tcp, x.x.x.x 3811 <-> 196.7.70.227 113
> 00500 13708 1276593 (T 300, # 244) ty 0 tcp, 196.14.168.229 2950 <-> x.x.x.x 22
>       ^^^^^ ^^^^^^^^^^^^^^^^^^^^^^
>
> I simply don't understand what these mean. I'm guessing that
> they're counters, but I'm not 100% certain. Could someone please
> explain to me what they are. I'd really appreciate it, as it
> seems that some of these stateful rules simply never close even
> though there is no traffic going through them (or at least, there
> really shouldn't be 45 minutes after a mail has been sent etc).
>
> Please email me back as I'm not subscribed to this list.

> 00500 13708 1276593 (T 300, # 244) ty 0 tcp, 196.14.168.229 2950 <-> x.x.x.x 22
        ^^^^^ ^^^^^^^    ^^^    ^^^
      packets  bytes   seconds number

The seconds are how long the rule has until it times out. It looks
like you have an active SSH going on. All of the other rules are
expired.
-- 
Crist J. Clark                           cjclark@alum.mit.edu
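
As an added example (not part of the original message and not code from the firewall itself), the field layout annotated in the reply can be parsed to separate live stateful entries from expired ones. The names `DynRule`, `parse_dynamic_rule` and `split_by_state` are hypothetical, and treating `T 0` as expired follows the reply's reading of the listing.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Field order follows the annotation in the reply:
# rule, packets, bytes, (T seconds-until-timeout, # number), type, protocol, endpoints.
DYN_RULE = re.compile(
    r"(?P<rule>\d+)\s+(?P<packets>\d+)\s+(?P<byte_count>\d+)\s+"
    r"\(T\s*(?P<seconds>\d+),\s*#\s*(?P<number>\d+)\)\s+ty\s+\d+\s+(?P<proto>\w+),\s+"
    r"(?P<src>\S+)\s+(?P<sport>\d+)\s+<->\s+(?P<dst>\S+)\s+(?P<dport>\d+)\s*$"
)

class DynRule(NamedTuple):
    rule: int
    packets: int
    byte_count: int
    seconds: int      # time left before the entry times out; 0 means expired
    number: int
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

def parse_dynamic_rule(line: str) -> Optional[DynRule]:
    """Parse one listing line; return None for anything else (e.g. a caret line)."""
    m = DYN_RULE.match(line.lstrip("> \t"))  # tolerate mail quoting and indentation
    if m is None:
        return None
    ints = ("rule", "packets", "byte_count", "seconds", "number", "sport", "dport")
    return DynRule(**{k: int(v) if k in ints else v for k, v in m.groupdict().items()})

def split_by_state(lines: List[str]) -> Tuple[List[DynRule], List[DynRule]]:
    """Return (active, expired) entries, where expired means T == 0."""
    parsed = [r for r in map(parse_dynamic_rule, lines) if r is not None]
    return ([r for r in parsed if r.seconds > 0], [r for r in parsed if r.seconds == 0])

# Lines copied from the post above (addresses were already masked by the poster).
SAMPLE = """\
00600 18 2253 (T 0, # 24) ty 0 tcp, x.x.x.x 3812 <-> 213.165.64.100 25
00600 1349 912199 (T 0, # 61) ty 0 tcp, x.x.x.x 3805 <-> 193.233.48.66 15651
00500 44 13717 (T 0, # 117) ty 0 tcp, 196.14.168.230 1028 <-> x.x.x.x 22
00500 13708 1276593 (T 300, # 244) ty 0 tcp, 196.14.168.229 2950 <-> x.x.x.x 22
      ^^^^^ ^^^^^^^    ^^^    ^^^
""".splitlines()

if __name__ == "__main__":
    active, expired = split_by_state(SAMPLE)
    for r in active:
        print(f"active  rule {r.rule:05d} {r.src}:{r.sport} <-> {r.dst}:{r.dport} "
              f"{r.packets} pkts {r.byte_count} bytes, {r.seconds}s left")
    print(f"{len(expired)} expired entries (T 0)")
```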