Date:      Sun, 25 Mar 2001 18:59:54 -0800
From:      "Crist J. Clark" <cjclark@reflexnet.net>
To:        Jim Freeze <jim@freeze.org>
Cc:        "Andrew C. Hornback" <hornback@wireco.net>, FreeBSD Questions <questions@FreeBSD.ORG>
Subject:   Re: Meaging of Security Check?
Message-ID:  <20010325185954.G5425@rfx-216-196-73-168.users.reflex>
In-Reply-To: <Pine.BSF.4.32.0103252119090.44160-100000@www.stelesys.com>; from jim@freeze.org on Sun, Mar 25, 2001 at 09:28:24PM -0500
References:  <20010325173549.E5425@rfx-216-196-73-168.users.reflex> <Pine.BSF.4.32.0103252119090.44160-100000@www.stelesys.com>

On Sun, Mar 25, 2001 at 09:28:24PM -0500, Jim Freeze wrote:
> On Sun, 25 Mar 2001, Crist J. Clark wrote:
> > On Sun, Mar 25, 2001 at 07:55:32PM -0500, Jim Freeze wrote:
> > > On Sun, 25 Mar 2001, Crist J. Clark wrote:
> > > > On Sat, Mar 24, 2001 at 11:43:32AM -0500, Andrew C. Hornback wrote:
> > > > > > -----Original Message-----
> > > > > > From: owner-freebsd-questions@FreeBSD.ORG
> > > > > > [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Jim Freeze
> > > > > > Sent: Saturday, March 24, 2001 7:50 AM
> > > > > > To: questions@freebsd.org
> > > > > > Subject: Meaging of Security Check?
> > > > > >
> > > > > >
> > > > > > Hi:
> > > > > >
> > > > > > I received the following security check and was wondering what it means:
> > > > > >
> > > > > > eeyore1 security check output
> > > > > >
> > > > > > eeyore1 kernel log messages:
> > > > > > > x3f8-0x3ff irq 4 flags 0x10 on isa
> > > > > > > ipfw: 40 Accept TCP 157.95.47.65:776 24.9.218.175:22 in via vx0
> > > > > > > ipfw: 65000 Deny UDP 24.9.218.175:68 24.2.7.70:67 out via vx0
> > > > > > > ipfw: 65000 Deny UDP 24.9.218.175:68 24.2.7.70:67 out via vx0
> > > > > > >  ...where the above is repeated for about 100 lines

[snip]

> This returns:
> % grep dhcp-server /var/db/dhclient.leases
>   option dhcp-server-identifier 24.2.7.70;
>   option dhcp-server-identifier 24.2.7.70;

Yep. The expected result.

> % cat /var/db/dhclient.leases

[snip]

> lease {
>   interface "vx0";
>   fixed-address 24.9.218.175;
>   option subnet-mask 255.255.255.0;
>   option routers 24.9.218.1;
>   option domain-name-servers 24.5.116.15,24.5.116.17;
>   option domain-name "lxintn1.ky.home.com";
>   option broadcast-address 24.9.218.255;
>   option dhcp-lease-time 604800;
>   option dhcp-message-type 5;
>   option dhcp-server-identifier 24.2.7.70;
>   renew 5 2001/3/23 16:45:14;

This is the time when your machine wants to start asking its server
about renewing its lease.

>   rebind 1 2001/3/26 07:45:14;

This is the time when your machine will start asking _any_ server for
a new lease.

>   expire 2 2001/3/27 04:45:14;

This is the time when the machine must stop using its lease.

> }

> So, it is my machine that is prompting this traffic?

Look again at the log entries,

> > > > > > > ipfw: 65000 Deny UDP 24.9.218.175:68 24.2.7.70:67 out via vx0
> > > > > > > ipfw: 65000 Deny UDP 24.9.218.175:68 24.2.7.70:67 out via vx0
> > > > > > >  ...where the above is repeated for about 100 lines

Note the 'out via.' That tells you the traffic was originating at your
machine.

> Will opening this up cause my ip to change? So far it has been static.

It is possible, but very unlikely. It's easier for everyone if leases
are renewed with no changes. The alternative if you leave DHCP broken
is that the server may try to give your IP to another machine.

I like your lease times. Look at the spacing on mine,

  renew 1 2001/3/26 03:09:35;
  rebind 1 2001/3/26 03:20:50;
  expire 1 2001/3/26 03:24:35;

It expires fifteen minutes after I'm supposed to renew, and I renew
every fifteen minutes.
-- 
Crist J. Clark                           cjclark@alum.mit.edu
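
An added example, not part of the original message: a Python sketch of the check walked through above, matching ipfw Deny entries against the host's own DHCP lease to show that the blocked packets are its outbound renewal requests. The function names and sample strings are constructed for illustration; the log and lease formats are assumed to be as quoted in the thread.

```python
import re
from collections import Counter

# Constructed sample input modelled on the lines quoted in the thread.
SAMPLE_LOG = """\
ipfw: 40 Accept TCP 157.95.47.65:776 24.9.218.175:22 in via vx0
ipfw: 65000 Deny UDP 24.9.218.175:68 24.2.7.70:67 out via vx0
ipfw: 65000 Deny UDP 24.9.218.175:68 24.2.7.70:67 out via vx0
"""
SAMPLE_LEASE = """\
lease {
  interface "vx0";
  fixed-address 24.9.218.175;
  option dhcp-server-identifier 24.2.7.70;
}
"""

LOG_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)")
LEASE_RE = re.compile(r"lease\s*\{(.*?)\}", re.S)

def parse_leases(text):
    """Return one dict per lease block: interface, own address, server."""
    leases = []
    for body in LEASE_RE.findall(text):
        iface = re.search(r'interface "([^"]+)";', body)
        addr = re.search(r"fixed-address ([\d.]+);", body)
        srv = re.search(r"option dhcp-server-identifier ([\d.]+);", body)
        if iface and addr and srv:
            leases.append({"iface": iface.group(1), "addr": addr.group(1),
                           "server": srv.group(1)})
    return leases

def blocked_dhcp_renewals(log_text, lease_text):
    """Count Deny entries that are this host's own DHCP client traffic
    (UDP 68 -> 67, direction 'out') to the server recorded in its lease."""
    known = {(x["iface"], x["addr"], x["server"]) for x in parse_leases(lease_text)}
    hits = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m or m["action"] != "Deny" or m["proto"] != "UDP":
            continue
        if (m["sport"], m["dport"], m["dir"]) != ("68", "67", "out"):
            continue
        if (m["iface"], m["src"], m["dst"]) in known:
            hits[(m["rule"], m["iface"], m["dst"])] += 1
    return hits
```

A non-empty result keyed on the final deny rule means the ruleset has no pass rule for the DHCP client on that interface.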
