Date:      Wed, 18 Nov 1998 15:07:14 -0800 (PST)
From:      Archie Cobbs <archie@whistle.com>
To:        tarkhil@synchroline.ru
Cc:        security@FreeBSD.ORG
Subject:   Re: What can it be?
Message-ID:  <199811182307.PAA16728@bubba.whistle.com>
In-Reply-To: <199811161220.PAA14992@enterprise.synchroline.ru> from "Alexander B. Povolotsky" at "Nov 16, 98 03:20:05 pm"

Alexander B. Povolotsky writes:
> My firewall logs lots of messages like these. Does anyone know what it can
> be? Some kind of attack?
> 
> Nov 16 15:09:47 satellite /kernel: ipfw: 60000 Deny TCP 207.90.134.191 
> 195.16.101.2 in via fxp0 Fragment = 123

Perhaps you've got earlier rules that block port numbers and/or
TCP flags. These rules won't match fragments. Then the fragments
hit the later (logging) rule? If so, you need to allow
(non-zero offset) fragments.

-Archie

___________________________________________________________________________
Archie Cobbs   *   Whistle Communications, Inc.  *   http://www.whistle.com
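
The behaviour described in the reply above, as an added example that is not part of the original message and is not ipfw's code: a simplified first-match model showing why a port-based rule cannot match a non-zero-offset fragment. Rule numbers 900 and 1000, port 80 and the addresses are constructed; only rule 60000 and the offset value 123 come from the quoted log line.

```python
import struct

def ipv4_tcp(frag_off, more_frags, payload):
    """Build a constructed IPv4 packet (proto 6 = TCP); header checksum left 0."""
    flags_off = (0x2000 if more_frags else 0) | frag_off   # MF bit + 13-bit offset
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, flags_off,
                       64, 6, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2])) + payload

def parse(pkt):
    """Extract the fields a filter can see; ports exist only at offset 0."""
    ihl = (pkt[0] & 0x0F) * 4
    frag_off = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    dport = None
    if pkt[9] == 6 and frag_off == 0 and len(pkt) >= ihl + 4:
        dport = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
    return {"proto": pkt[9], "frag_off": frag_off, "dport": dport}

def first_match(rules, pkt):
    """Return (rule number, action) of the first rule whose predicate matches."""
    info = parse(pkt)
    for number, action, matches in sorted(rules, key=lambda r: r[0]):
        if matches(info):
            return number, action
    return None

# Hypothetical earlier rule that filters on a port, then the logging deny rule.
ORIGINAL = [
    (1000, "allow", lambda p: p["proto"] == 6 and p["dport"] == 80),
    (60000, "deny", lambda p: p["proto"] == 6),
]
# Same ruleset plus a rule passing non-zero-offset fragments.
FIXED = ORIGINAL + [(900, "allow", lambda p: p["frag_off"] != 0)]

FIRST = ipv4_tcp(0, True, struct.pack("!HH", 40000, 80) + bytes(16))  # has TCP header
LATER = ipv4_tcp(123, False, b"x" * 32)                               # data only

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("fixed", FIXED)):
        for label, pkt in (("first fragment", FIRST), ("offset 123", LATER)):
            print(name, label, first_match(rules, pkt))
```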
