From owner-freebsd-questions Tue Nov 6 8:12:44 2001 Delivered-To: freebsd-questions@freebsd.org Received: from web13303.mail.yahoo.com (web13303.mail.yahoo.com [216.136.175.39]) by hub.freebsd.org (Postfix) with SMTP id 6890837B416 for ; Tue, 6 Nov 2001 08:12:42 -0800 (PST) Message-ID: <20011106161242.6299.qmail@web13303.mail.yahoo.com> Received: from [193.174.9.99] by web13303.mail.yahoo.com via HTTP; Tue, 06 Nov 2001 17:12:42 CET Date: Tue, 6 Nov 2001 17:12:42 +0100 (CET) From: =?iso-8859-1?q?m=20p?= Subject: Re: Have I been hacked? To: cs052279@yahoo.com Cc: freebsd-questions@FreeBSD.ORG MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Chris wrote: > > That is the problem. The IP addresses listed here are > real. I have no machine with an IP of 0.0.0.0,68. It > is going from my firewall to the inside of my > network. > It looks like something on the firewall is looking for > a dhcp server. The IP 0.0.0.0 looks very suspicious > to me. Hi Chris, you are talking about a "firewall" here. Are you sure, that you have taken proper anti-spoofing-measures in your ruleset? The first idea is, take tcpdump and look what pakets are ariving at the outside of your firewall. IF they arrive _and_ the same packets are forwarded to your internal net modify your ruleset. If not, look at your firewall with sockstat for open ports and which program is using it. If you find something suspicous there ask again. Then you may had been hacked. Just my 0.02 DEM Marc __________________________________________________________________ Gesendet von Yahoo! Mail http://mail.yahoo.de To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message