
pflog entries



Let me preface this message by saying I already know it is probably off 
topic, but I am not aware of a pf mailing list, and searches of Google 
and incidents.org haven't turned up anything.

I have a question about a couple of pflog entries from my primary 
firewall today.  I was curious to know if anyone else had experienced 
any of these, and might be able to give me additional information of 
what they might be, or what type of exploit is being searched for.

Aug 01 15:48:44.479977 rule 6/0(match): block in on dc3: 
65.68.190.233.53 > 64.81.137.2.59146:  44557 FormErr% [0q] 0/0/0 (12)
Aug 01 15:48:44.570038 rule 6/0(match): block in on dc3: 
65.68.190.233.53 > 64.81.137.2.59146:  13107* 1/4/4 A[|domain]

Here's rule 6, the one that blocked and generated the log entry:

@6 block return-icmp in log on dc3 proto udp all

Any thoughts?

Thanks,

Scott
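
Added example, not part of the original post: a small Python parser for the pflog text entries quoted above. It rejoins the e-mail-wrapped lines and extracts the rule, the endpoints and tcpdump's DNS response summary (id, optional rcode, question count, answer/authority/additional counts). The function names are hypothetical, and the flag characters after the id are kept as-is without interpretation.

```python
import re

# The two entries from the post, hard-wrapped as in the e-mail.
SAMPLE = """\
Aug 01 15:48:44.479977 rule 6/0(match): block in on dc3:
65.68.190.233.53 > 64.81.137.2.59146:  44557 FormErr% [0q] 0/0/0 (12)
Aug 01 15:48:44.570038 rule 6/0(match): block in on dc3:
65.68.190.233.53 > 64.81.137.2.59146:  13107* 1/4/4 A[|domain]
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} \d{2} \d{2}:\d{2}:\d{2}\.\d+ ")
ENTRY = re.compile(
    r"^(?P<ts>\w{3} \d{2} [\d:.]+) rule (?P<rule>\d+)/\d+\((?P<reason>\w+)\): "
    r"(?P<action>\w+) (?P<dir>in|out) on (?P<iface>\w+): "
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):\s+(?P<payload>.*)$")
# tcpdump's DNS response summary: id, optional rcode, flag chars,
# optional [Nq] question count, then answer/authority/additional counts.
DNS_RESP = re.compile(
    r"^(?P<id>\d+)(?: (?P<rcode>[A-Za-z]\w*))?(?P<flags>[^\s\w]*)"
    r"(?: \[(?P<qd>\d+)q\])? (?P<an>\d+)/(?P<ns>\d+)/(?P<ar>\d+)")

def unwrap(text):
    """Rejoin mail-wrapped entries: a new entry starts with a timestamp."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if STAMP.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def parse(entry):
    """Fields of one pflog entry, plus DNS response fields if present."""
    m = ENTRY.match(entry)
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    dns = DNS_RESP.match(rec["payload"])
    rec["dns"] = dns.groupdict() if dns else None
    return rec

def blocked_dns_replies(text):
    """Blocked inbound packets from port 53 decoded as DNS responses."""
    recs = filter(None, map(parse, unwrap(text)))
    return [r for r in recs if r["action"] == "block" and r["dir"] == "in"
            and r["sport"] == 53 and r["dns"]]
```

Calling `blocked_dns_replies(SAMPLE)` returns both entries from the post, each with its source, destination port and decoded DNS fields.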