From owner-freebsd-questions Sun Mar 25 19: 0:20 2001
Date: Sun, 25 Mar 2001 18:59:54 -0800
From: "Crist J. Clark"
To: Jim Freeze
Cc: "Andrew C. Hornback" , FreeBSD Questions
Subject: Re: Meaging of Security Check?
Message-ID: <20010325185954.G5425@rfx-216-196-73-168.users.reflex>
Reply-To: cjclark@alum.mit.edu
References: <20010325173549.E5425@rfx-216-196-73-168.users.reflex>
In-Reply-To: ; from jim@freeze.org on Sun, Mar 25, 2001 at 09:28:24PM -0500

On Sun, Mar 25, 2001 at 09:28:24PM -0500, Jim Freeze wrote:
> On Sun, 25 Mar 2001, Crist J. Clark wrote:
> > On Sun, Mar 25, 2001 at 07:55:32PM -0500, Jim Freeze wrote:
> > > On Sun, 25 Mar 2001, Crist J. Clark wrote:
> > > > On Sat, Mar 24, 2001 at 11:43:32AM -0500, Andrew C. Hornback wrote:
> > > > > > -----Original Message-----
> > > > > > From: owner-freebsd-questions@FreeBSD.ORG
> > > > > > [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Jim Freeze
> > > > > > Sent: Saturday, March 24, 2001 7:50 AM
> > > > > > To: questions@freebsd.org
> > > > > > Subject: Meaging of Security Check?
> > > > > >
> > > > > >
> > > > > > Hi:
> > > > > >
> > > > > > I received the following security check and was wondering what it means:
> > > > > >
> > > > > > eeyore1 security check output
> > > > > >
> > > > > > eeyore1 kernel log messages:
> > > > > > > x3f8-0x3ff irq 4 flags 0x10 on isa
> > > > > > > ipfw: 40 Accept TCP 157.95.47.65:776 24.9.218.175:22 in via vx0
> > > > > > > ipfw: 65000 Deny UDP 24.9.218.175:68 24.2.7.70:67 out via vx0
> > > > > > > ipfw: 65000 Deny UDP 24.9.218.175:68 24.2.7.70:67 out via vx0
> > > > > > > ...where the above is repeated for about 100 lines

[snip]

> This returns:
> % grep dhcp-server /var/db/dhclient.leases
> option dhcp-server-identifier 24.2.7.70;
> option dhcp-server-identifier 24.2.7.70;

Yep. The expected result.

> % cat /var/db/dhclient.leases

[snip]

> lease {
>   interface "vx0";
>   fixed-address 24.9.218.175;
>   option subnet-mask 255.255.255.0;
>   option routers 24.9.218.1;
>   option domain-name-servers 24.5.116.15,24.5.116.17;
>   option domain-name "lxintn1.ky.home.com";
>   option broadcast-address 24.9.218.255;
>   option dhcp-lease-time 604800;
>   option dhcp-message-type 5;
>   option dhcp-server-identifier 24.2.7.70;
>   renew 5 2001/3/23 16:45:14;

This is the time when your machine wants to start asking its server
about renewing its lease.

>   rebind 1 2001/3/26 07:45:14;

This is the time when your machine will start asking _any_ server for
a new lease.

>   expire 2 2001/3/27 04:45:14;

This is the time when the machine must stop using its lease.

> }

> So, it is my machine that is prompting this traffic?

Look again at the log entries,

> > > > > > > ipfw: 65000 Deny UDP 24.9.218.175:68 24.2.7.70:67 out via vx0
> > > > > > > ipfw: 65000 Deny UDP 24.9.218.175:68 24.2.7.70:67 out via vx0
> > > > > > > ...where the above is repeated for about 100 lines

Note the 'out via.' That tells you the traffic was originating at your
machine.

> Will opening this up cause my ip to change? So far it has been static.

It is possible, but very unlikely. It's easier for everyone if leases
are renewed with no changes. The alternative if you leave DHCP broken
is that the server may try to give your IP to another machine.

I like your lease times. Look at the spacing on mine,

  renew 1 2001/3/26 03:09:35;
  rebind 1 2001/3/26 03:20:50;
  expire 1 2001/3/26 03:24:35;

It expires fifteen minutes after I'm supposed to renew, and I renew
every fifteen minutes.
-- 
Crist J. Clark
cjclark@alum.mit.edu
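
An added example, not part of the original message: a Python check that cross-references ipfw log lines with dhclient.leases to pick out denied packets that are the machine's own DHCP renew or rebind requests. The sample log and lease text are constructed from the lines quoted above, and the function names are hypothetical.

```python
import re
from datetime import datetime
# Constructed samples, modelled on the log and lease lines quoted in the message.
SAMPLE_LOG = """\
ipfw: 40 Accept TCP 157.95.47.65:776 24.9.218.175:22 in via vx0
ipfw: 65000 Deny UDP 24.9.218.175:68 24.2.7.70:67 out via vx0
ipfw: 65000 Deny UDP 24.9.218.175:68 24.2.7.70:67 out via vx0
"""
SAMPLE_LEASES = """\
lease {
  interface "vx0";
  fixed-address 24.9.218.175;
  option dhcp-server-identifier 24.2.7.70;
  renew 5 2001/3/23 16:45:14;
  rebind 1 2001/3/26 07:45:14;
  expire 2 2001/3/27 04:45:14;
}
"""
LOG_RE = re.compile(r"ipfw: (\d+) (\w+) (\w+) ([\d.]+):(\d+) ([\d.]+):(\d+) (in|out) via (\S+)")

def parse_leases(text):
    """Parse dhclient.leases text into a list of dicts, one per lease block."""
    leases = []
    for body in re.findall(r"lease\s*\{(.*?)\}", text, re.S):
        lease = {}
        for stmt in body.split(";"):
            words = [w for w in stmt.split() if w != "option"]
            if len(words) < 2:
                continue
            if words[0] in ("renew", "rebind", "expire"):  # "<weekday> <date> <time>"
                lease[words[0]] = datetime.strptime(" ".join(words[2:4]), "%Y/%m/%d %H:%M:%S")
            else:
                lease[words[0]] = " ".join(words[1:]).strip('"')
        leases.append(lease)
    return leases

def denied_dhcp_renewals(log_text, leases):
    """Return denied outbound DHCP client packets (UDP 68 -> 67) sent from a leased address."""
    # Later blocks in the file overwrite earlier ones for the same address.
    by_client = {l["fixed-address"]: l for l in leases if "fixed-address" in l}
    hits = []
    for m in LOG_RE.finditer(log_text):
        rule, action, proto, src, sport, dst, dport, direction, iface = m.groups()
        lease = by_client.get(src)
        # Renewals go to the lease's own server; rebinding broadcasts to any server.
        if (lease and action == "Deny" and proto == "UDP" and direction == "out"
                and (sport, dport) == ("68", "67")
                and dst in (lease.get("dhcp-server-identifier"), "255.255.255.255")):
            hits.append({"rule": int(rule), "iface": iface, "server": dst, "expire": lease.get("expire")})
    return hits
```

Each hit carries the matching rule number and the lease's expire time, so the rule that needs an exception and the deadline for fixing it are visible together.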