Re: [cobalt-users] RaQ2 ipfwadm question
- Subject: Re: [cobalt-users] RaQ2 ipfwadm question
- From: "E.B. Dreger" <eddy+public+spam@xxxxxxxxxxxxxxxxx>
- Date: Thu May 1 09:23:01 2003
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
GP> Date: Thu, 01 May 2003 12:15:23 -0400
GP> From: Glenn Parsons
GP> My logcheck reports are not reporting port violations from my
GP> ipfwadm configuration:
GP>
GP> Apr 30 22:46:40 ns kernel: IP fw-in deny eth0 TCP 207.178.136.130:0
GP> 208.21.174.3:0 L=0 S=0x00 I=0 F=0x0000 T=0
GP>
GP> See how the incoming and received port is not reported? Is
GP> this normal? Is this a misconfiguration on my part? Is it
GP> ipfwadm or is it logcheck?

Looks to me like the ports _are_ reported... you're just
receiving funky packets. Think: malware.

Now, if _every_ entry looks that way, I'd agree that something
isn't working correctly. Try connecting to a forbidden port from
your home connection, and see what gets logged.

Eddy
--
Brotsman & Dreger, Inc. - EverQuick Internet Division
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 (785) 865-5885 Lawrence and [inter]national
Phone: +1 (316) 794-8922 Wichita
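
The check suggested in the reply above can be run over a log sample. This is an added example, not part of the original message or of any Cobalt tooling: it parses TCP/UDP entries in the layout of the quoted kernel line and reports whether every entry shows port 0 or only some do. The function names, verdict labels, and the second and third sample lines are constructed for illustration.

```python
import re

# TCP/UDP entry layout, taken from the kernel line quoted in the post.
FW_LINE = re.compile(
    r"IP (?P<chain>fw-\S+) (?P<action>\S+) (?P<iface>\S+) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=0x[0-9A-Fa-f]+ I=(?P<ip_id>\d+) "
    r"F=0x[0-9A-Fa-f]+ T=(?P<ttl>\d+)"
)

def parse(line):
    """Return the fields of one firewall log entry, or None for other lines."""
    m = FW_LINE.search(" ".join(line.split()))  # undo wrapping and padding
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "length", "ip_id", "ttl"):
        rec[key] = int(rec[key])
    rec["zero_ports"] = rec["sport"] == 0 and rec["dport"] == 0
    return rec

def assess(lines):
    """Classify a log sample: (verdict, zero-port entries, parsed entries)."""
    recs = [r for r in map(parse, lines) if r is not None]
    zero = sum(r["zero_ports"] for r in recs)
    if not recs:
        verdict = "no-data"
    elif zero == len(recs):
        verdict = "all-zero"      # cannot tell yet: run the test connection
    elif zero:
        verdict = "some-zero"     # ports are logged; the :0 entries are odd packets
    else:
        verdict = "ports-logged"
    return verdict, zero, len(recs)

# Entry from the post, wrapped as it was in the mail.
PAGE_LINE = ("Apr 30 22:46:40 ns kernel: IP fw-in deny eth0 TCP 207.178.136.130:0\n"
             "208.21.174.3:0 L=0 S=0x00 I=0 F=0x0000 T=0")
# Constructed entries: a blocked test connection to a forbidden port, and noise.
SAMPLE = [
    PAGE_LINE,
    "May  1 10:02:11 ns kernel: IP fw-in deny eth0 TCP 192.0.2.10:40112 "
    "208.21.174.3:23 L=60 S=0x00 I=4821 F=0x0000 T=52",
    "May  1 10:02:15 ns sshd[311]: Connection closed",
]

if __name__ == "__main__":
    print(assess([PAGE_LINE]))
    print(assess(SAMPLE))
```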