How to interpret ipfw log?

Sergei Gnezdov use-reply-to at gnezdov.net
Wed Apr 13 21:13:45 PDT 2005


On 2005-04-13, Ed Stover <estover at nativenerds.com> wrote:
> On Tue, 2005-04-12 at 23:28 -0400, bob at a1poweruser.com wrote:
>> Your ipfw rule 2500 is denying those outbound packets
>> 192.168.0.200:65117  is your ip address: port number
>> 65.87.165.45:5800 is the remote target ip address and port number
>> and this is leaving your pc on NIC  named tx0
>> -----Original Message-----
>> From: owner-freebsd-questions at freebsd.org
>> [mailto:owner-freebsd-questions at freebsd.org]On Behalf Of Sergei
>> Gnezdov
>> Sent: Tuesday, April 12, 2005 11:08 PM
>> To: freebsd-questions at freebsd.org
>> Subject: How to interpret ipfw log?
>> 
>> The following firewall log seems to make very little sense to me.
>> What could it possibly mean?
>> 
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:65117
>> 65.87.165.45:5800 out via tx0
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:49761
>> 65.87.165.45:1003 out via tx0
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:50116
>> 65.87.165.45:1362 out via tx0
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:50055
>> 65.87.165.45:6101 out via tx0
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:62352
>> 65.87.165.45:888 out via tx0
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:61272
>> 65.87.165.45:969 out via tx0
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:58267
>> 65.87.165.45:471 out via tx0
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:54164
>> 65.87.165.45:1496 out via tx0
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:61306
>> 65.87.165.45:5716 out via tx0
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:64970
>> 65.87.165.45:281 out via tx0
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:64115
>> 65.87.165.45:106 out via tx0
>> Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:62007
>> 65.87.165.45:284 out via tx0

> looks like nmap ;)

I don't remember running nmap.  What are the chances that machine is
compromised?
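To make the interpretation given in this thread concrete, here is an added example (not code from the list or from any poster) in Python that parses the ipfw syslog format quoted above and flags the pattern Ed points at: one source opening connections to many distinct ports on a single host within the same second. The threshold of eight ports and the sample lines (the thread's entries rejoined onto one line each) are assumptions of this example.

```python
import re
from collections import defaultdict

# ipfw syslog line as quoted in the thread:
# "<mon> <day> <hh:mm:ss> <host> kernel: ipfw: <rule> <action> <proto> <src>:<sport> <dst>:<dport> <in|out> via <iface>"
IPFW_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: ipfw: "
    r"(?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)$"
)

def parse_ipfw_line(line):
    """Return the fields of one ipfw log line as a dict, or None if it does not match."""
    m = IPFW_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    for k in ("rule", "sport", "dport"):
        d[k] = int(d[k])
    return d

def find_port_sweeps(lines, min_ports=8):
    """Group denied flows by (second, src, dst) and report pairs where one source
    touched at least min_ports distinct destination ports in that second."""
    ports = defaultdict(set)
    for line in lines:
        rec = parse_ipfw_line(line)
        if rec is None or rec["action"] != "Deny":
            continue
        ports[(rec["ts"], rec["src"], rec["dst"])].add(rec["dport"])
    return {k: sorted(v) for k, v in ports.items() if len(v) >= min_ports}

# Constructed sample input: the twelve entries quoted in the thread, one per line
_PAIRS = [(65117, 5800), (49761, 1003), (50116, 1362), (50055, 6101), (62352, 888),
          (61272, 969), (58267, 471), (54164, 1496), (61306, 5716), (64970, 281),
          (64115, 106), (62007, 284)]
SAMPLE_LOG = [
    f"Apr 11 04:27:05 name kernel: ipfw: 2500 Deny TCP 192.168.0.200:{sp} "
    f"65.87.165.45:{dp} out via tx0" for sp, dp in _PAIRS
]

if __name__ == "__main__":
    for (ts, src, dst), dports in find_port_sweeps(SAMPLE_LOG).items():
        print(f"{ts}: {src} -> {dst} hit {len(dports)} distinct ports, e.g. {dports[:5]}")
```

A single source hitting a dozen unrelated low ports on one host in the same second, all from high ephemeral source ports, is the shape a scan leaves in the log; a normal client would show one or a few well-known destination ports repeated over time.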
