Date: Mon, 8 Jan 2001 13:01:05 -0500
From: Vivek Khera <khera@kciLink.com>
To: questions@freebsd.org
Subject: ipfw fragments and connections to port 0
Message-ID: <14938.97.366645.802181@onceler.kciLink.com>

Every so often, I see something like this in my log files from ipfw:

    ipfw: -1 Refuse TCP 63.252.242.78:0 204.117.82.12:0 in via fxp0

From what I understand, this is a connection to port 0, but I'm not
sure what that means, since port numbers start at 1. Is this some
sort of attack or other kind of scan going on?

Also, occasionally I see this:

    ipfw: -1 Refuse TCP 24.0.95.136 204.117.82.12 in via fxp0 Fragment = 184

What's that from, and do I need to take any corrective action?

These are my rules, which are quite simple, and mainly to protect from
snmp snoops:

    00100 allow ip from any to any via lo0
    00200 deny ip from any to 127.0.0.0/8
    00300 deny log udp from not 208.184.13.195 to 204.117.82.12 161,162
    65535 allow ip from any to any

I'm on FreeBSD 4.1.1-STABLE on this particular box.

I haven't seen any use of the "frag" keyword in the example I've seen
in the various docs, so I'm not sure how exactly to use it.

Thanks.

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Vivek Khera, Ph.D.                Khera Communications, Inc.
Internet: khera@kciLink.com       Rockville, MD       +1-240-453-8497
AIM: vivekkhera Y!: vivek_khera   http://www.khera.org/~vivek/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message