From owner-freebsd-stable  Thu Jul 27  7:51:50 2000
Delivered-To: freebsd-stable@freebsd.org
Received: from srv01.el.com.br (srv01.el.com.br [200.241.214.162])
	by hub.freebsd.org (Postfix) with ESMTP
	id 206B237B5C9; Thu, 27 Jul 2000 07:51:40 -0700 (PDT)
	(envelope-from g-paiva@el.com.br)
Received: from el.com.br (dialup.intranet.el [192.168.10.10])
	by srv01.el.com.br (8.9.3/8.9.3) with ESMTP id LAA13947;
	Thu, 27 Jul 2000 11:51:32 -0300 (EST)
	(envelope-from g-paiva@el.com.br)
Message-ID: <39804D5D.B6634FB0@el.com.br>
Date: Thu, 27 Jul 2000 11:55:25 -0300
From: Gilson de Paiva <g-paiva@el.com.br>
Reply-To: npd@el.com.br
X-Mailer: Mozilla 4.7 [en] (X11; I; FreeBSD 4.1-RC i386)
X-Accept-Language: en
MIME-Version: 1.0
To: freebsd-stable@freebsd.org, freebsd-questions@freebsd.org
Subject: Auth service sequencial probe.
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hi,
Does anybody know any exploit or weakness of FreeBSD's auth service?
This is ( a part of ) log message generated by a ipfw rule denying any setup connection to
my external ip ( ipfw add deny log logamount 500 tcp from any to any in via ${oif} setup
).
The interesting fact is that no other service was probed, meaning that this was the
service trying to be contacted, not a nmap or other scan.

[...]
ipfw: 900 Deny TCP 200.242.x.xxx:4744 x.x.x.x:113 in via ep1
ipfw: 900 Deny TCP 200.242.x.xxx:4744 x.x.x.x:113 in via ep1
ipfw: 900 Deny TCP 200.242.x.xxx:4744 x.x.x.x:113 in via ep1
ipfw: 900 Deny TCP 200.242.x.xxx:4744 x.x.x.x:113 in via ep1
ipfw: 900 Deny TCP 200.242.x.xxx:4744 x.x.x.x:113 in via ep1
[ that keeps for a while ...]

Any ideas?


-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 Gilson de Paiva             E&L Producoes de Software
 mailto:npd@el.com.br        Domingos Martins - ES
 http://www.el.com.br/       Brazil
 http://www.openbsd.com.br/  Projeto OpenBSD BR
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message