 From:  "Ernie Zingleman" <ks4q at zingleman dot com>
 To:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Firewall Problem with Telnet
 Date:  Tue, 21 Dec 2004 12:24:56 -0500
Chris and Others,

Here are the 'last 50 filter log' entries from a couple of days ago.  I had 
tried to post the entire status.php to the list but it was, of course, too 
big!
I would appreciate your insight into what I might be doing wrong here.  I've 
flagged the Telnet entries with a ** at the beginning and end of the line.
Is there possibly a mismatch in the filtering?  Should telnet traffic be 
originating on ports 3025 or 4109?

Thanks, Ernie

Dec 19 15:20:11 manitoba ipmon[79]: 15:20:11.361287 ng0 @0:19 b 
216.200.68.2,44503 -> JK.23.XYZ.12,53 PR udp len 20 71 IN
Dec 19 15:20:11 manitoba ipmon[79]: 15:20:11.423359 ng0 @0:19 b 
208.184.139.82,36388 -> JK.23.XYZ.12,53 PR udp len 20 71 IN
**Dec 19 15:20:31 manitoba ipmon[79]: 15:20:31.051999 ng0 @0:17 b 
216.78.32.191,3025 -> 192.168.1.32,23 PR tcp len 20 40 -AF IN**
**Dec 19 15:23:12 manitoba ipmon[79]: 15:23:12.047411 ng0 @0:17 b 
68.110.95.69,4109 -> 192.168.1.32,23 PR tcp len 20 42 -AP IN **
**Dec 19 15:23:15 manitoba ipmon[79]: 15:23:15.009790 ng0 @0:17 b 
68.110.95.69,4109 -> 192.168.1.32,23 PR tcp len 20 42 -AP IN**
**Dec 19 15:23:21 manitoba ipmon[79]: 15:23:21.022291 ng0 @0:17 b 
68.110.95.69,4109 -> 192.168.1.32,23 PR tcp len 20 42 -AP IN**
**Dec 19 15:23:33 manitoba ipmon[79]: 15:23:32.962259 ng0 @0:17 b 
68.110.95.69,4109 -> 192.168.1.32,23 PR tcp len 20 42 -AP IN**
**Dec 19 15:23:56 manitoba ipmon[79]: 15:23:56.943632 ng0 @0:17 b 
68.110.95.69,4109 -> 192.168.1.32,23 PR tcp len 20 42 -AP IN**
**Dec 19 15:24:46 manitoba ipmon[79]: 15:24:45.004924 ng0 @0:17 b 
68.110.95.69,4109 -> 192.168.1.32,23 PR tcp len 20 42 -AP IN**
Dec 19 15:31:15 manitoba ipmon[79]: 15:31:14.871581 7x ng0 @0:17 b 
216.107.107.41,80 -> 192.168.1.56,53044 PR tcp len 20 1492 -A IN
Dec 19 15:31:15 manitoba ipmon[79]: 15:31:14.924699 ng0 @0:17 b 
216.107.107.41,80 -> 192.168.1.56,53044 PR tcp len 20 337 -AP IN
Dec 19 15:37:10 manitoba ipmon[79]: 15:37:10.240209 ng0 @0:19 b 
64.209.232.37 -> JK.23.XYZ.12 PR icmp len 20 64 icmp echo/0 IN
Dec 19 15:37:11 manitoba ipmon[79]: 15:37:10.998723 ng0 @0:19 b 
64.209.232.37 -> JK.23.XYZ.12 PR icmp len 20 64 icmp echo/0 IN
Dec 19 15:37:11 manitoba ipmon[79]: 15:37:11.339145 ng0 @0:19 b 
217.146.185.137 -> JK.23.XYZ.12 PR icmp len 20 64 icmp echo/0 IN
Dec 19 15:37:12 manitoba ipmon[79]: 15:37:11.758510 ng0 @0:19 b 
64.209.232.37 -> JK.23.XYZ.12 PR icmp len 20 64 icmp echo/0 IN
Dec 19 15:37:12 manitoba ipmon[79]: 15:37:12.098772 ng0 @0:19 b 
217.146.185.137 -> JK.23.XYZ.12 PR icmp len 20 64 icmp echo/0 IN
Dec 19 15:37:13 manitoba ipmon[79]: 15:37:12.850093 ng0 @0:19 b 
217.146.185.137 -> JK.23.XYZ.12 PR icmp len 20 64 icmp echo/0 IN
Dec 19 15:37:13 manitoba ipmon[79]: 15:37:13.329226 ng0 @0:19 b 
63.163.102.36 -> JK.23.XYZ.12 PR icmp len 20 64 icmp echo/0 IN
Dec 19 15:37:13 manitoba ipmon[79]: 15:37:13.343574 ng0 @0:19 b 
216.34.77.36 -> JK.23.XYZ.12 PR icmp len 20 64 icmp echo/0 IN
Dec 19 15:37:13 manitoba ipmon[79]: 15:37:13.448537 ng0 @0:19 b 
61.213.167.237 -> JK.23.XYZ.12 PR icmp len 20 64 icmp echo/0 IN
Dec 19 15:37:14 manitoba ipmon[79]: 15:37:14.088156 ng0 @0:19 b 
63.163.102.36 -> JK.23.XYZ.12 PR icmp len 20 64 icmp echo/0 IN
Dec 19 15:37:14 manitoba ipmon[79]: 15:37:14.097258 ng0 @0:19 b 
216.34.77.36 -> JK.23.XYZ.12 PR icmp len 20 64 icmp echo/0 IN
Dec 19 15:37:14 manitoba ipmon[79]: 15:37:14.203071 ng0 @0:19 b 
61.213.167.237 -> JK.23.XYZ.12 PR icmp len 20 64 icmp echo/0 IN
Dec 19 15:37:15 manitoba ipmon[79]: 15:37:14.846837 ng0 @0:19 b 
63.163.102.36 -> JK.23.XYZ.12 PR icmp len 20 64 icmp echo/0 IN
Dec 19 15:37:15 manitoba ipmon[79]: 15:37:14.849949 ng0 @0:19 b 
216.34.77.36 -> JK.23.XYZ.12 PR icmp len 20 64 icmp echo/0 IN
Dec 19 15:37:15 manitoba ipmon[79]: 15:37:14.954245 ng0 @0:19 b 
61.213.167.237 -> JK.23.XYZ.12 PR icmp len 20 64 icmp echo/0 IN
Dec 19 15:46:29 manitoba ipmon[79]: 15:46:28.339784 ng0 @0:19 b 
198.5.148.6 -> JK.23.XYZ.12 PR icmp len 20 84 icmp echo/0 IN
Dec 19 15:46:29 manitoba ipmon[79]: 15:46:28.412937 ng0 @0:19 b 
63.209.221.226 -> JK.23.XYZ.12 PR icmp len 20 84 icmp echo/0 IN
Dec 19 15:46:29 manitoba ipmon[79]: 15:46:28.449175 ng0 @0:19 b 
64.14.117.10 -> JK.23.XYZ.12 PR icmp len 20 84 icmp echo/0 IN
Dec 19 15:46:29 manitoba ipmon[79]: 15:46:28.454292 ng0 @0:19 b 
216.74.133.194 -> JK.23.XYZ.12 PR icmp len 20 84 icmp echo/0 IN
Dec 19 15:46:29 manitoba ipmon[79]: 15:46:28.489836 ng0 @0:19 b 
64.41.192.103 -> JK.23.XYZ.12 PR icmp len 20 84 icmp echo/0 IN
Dec 19 15:46:29 manitoba ipmon[79]: 15:46:28.531772 ng0 @0:19 b 
80.15.238.99 -> JK.23.XYZ.12 PR icmp len 20 84 icmp echo/0 IN
Dec 19 15:46:39 manitoba ipmon[79]: 15:46:38.354393 ng0 @0:19 b 
198.5.148.6 -> JK.23.XYZ.12 PR icmp len 20 84 icmp echo/0 IN
Dec 19 15:46:39 manitoba ipmon[79]: 15:46:38.419622 ng0 @0:19 b 
63.209.221.226 -> JK.23.XYZ.12 PR icmp len 20 84 icmp echo/0 IN
Dec 19 15:46:39 manitoba ipmon[79]: 15:46:38.447072 ng0 @0:19 b 
64.14.117.10 -> JK.23.XYZ.12 PR icmp len 20 84 icmp echo/0 IN
Dec 19 15:46:39 manitoba ipmon[79]: 15:46:38.463730 ng0 @0:19 b 
216.74.133.194 -> JK.23.XYZ.12 PR icmp len 20 84 icmp echo/0 IN
Dec 19 15:46:39 manitoba ipmon[79]: 15:46:38.517741 ng0 @0:19 b 
64.41.192.103 -> JK.23.XYZ.12 PR icmp len 20 84 icmp echo/0 IN
Dec 19 15:46:39 manitoba ipmon[79]: 15:46:38.543139 ng0 @0:19 b 
80.15.238.99 -> JK.23.XYZ.12 PR icmp len 20 84 icmp echo/0 IN
Dec 19 15:46:49 manitoba ipmon[79]: 15:46:48.358697 ng0 @0:19 b 
198.5.148.6,57175 -> JK.23.XYZ.12,53 PR udp len 20 71 IN
Dec 19 15:46:49 manitoba ipmon[79]: 15:46:48.430719 ng0 @0:19 b 
63.209.221.226,58144 -> JK.23.XYZ.12,53 PR udp len 20 71 IN
Dec 19 15:46:49 manitoba ipmon[79]: 15:46:48.463589 ng0 @0:19 b 
64.14.117.10,19674 -> JK.23.XYZ.12,53 PR udp len 20 71 IN
Dec 19 15:46:49 manitoba ipmon[79]: 15:46:48.476223 ng0 @0:19 b 
216.74.133.194,23253 -> JK.23.XYZ.12,53 PR udp len 20 71 IN
Dec 19 15:46:49 manitoba ipmon[79]: 15:46:48.520376 ng0 @0:19 b 
64.41.192.103,33159 -> JK.23.XYZ.12,53 PR udp len 20 71 IN
Dec 19 15:46:49 manitoba ipmon[79]: 15:46:48.604372 ng0 @0:19 b 
80.15.238.99,47039 -> JK.23.XYZ.12,53 PR udp len 20 71 IN
Dec 19 15:46:59 manitoba ipmon[79]: 15:46:58.369658 ng0 @0:19 b 
198.5.148.6,57175 -> JK.23.XYZ.12,53 PR udp len 20 71 IN
Dec 19 15:46:59 manitoba ipmon[79]: 15:46:58.433748 ng0 @0:19 b 
63.209.221.226,58144 -> JK.23.XYZ.12,53 PR udp len 20 71 IN
Dec 19 15:46:59 manitoba ipmon[79]: 15:46:58.469418 ng0 @0:19 b 
64.14.117.10,19674 -> JK.23.XYZ.12,53 PR udp len 20 71 IN
Dec 19 15:46:59 manitoba ipmon[79]: 15:46:58.485104 ng0 @0:19 b 
216.74.133.194,23253 -> JK.23.XYZ.12,53 PR udp len 20 71 IN
Dec 19 15:46:59 manitoba ipmon[79]: 15:46:58.530227 ng0 @0:19 b 
64.41.192.103,33159 -> JK.23.XYZ.12,53 PR udp len 20 71 IN
Dec 19 15:46:59 manitoba ipmon[79]: 15:46:58.614929 ng0 @0:19 b 
80.15.238.99,47039 -> JK.23.XYZ.12,53 PR udp len 20 71 IN

----- Original Message ----- 
From: "Chris Buechler" <cbuechler at gmail dot com>
To: "Ernie Zingleman" <ks4q at zingleman dot com>
Cc: <m0n0wall at lists dot m0n0 dot ch>
Sent: Tuesday, December 21, 2004 12:57 AM
Subject: Re: [m0n0wall] ipfilter version?


> On Mon, 20 Dec 2004 11:33:42 -0500, Ernie Zingleman <ks4q at zingleman dot com> 
> wrote:
>> Can anyone tell me what version of IP filter is built into the FreeBSD
>> kernel of m0n0wall?  I've been running 1.1 and also 1.2b3 of m0n0wall.
>>
>
> Both are v3.4.33.
>
>
>> I'm trying to do research to see if there are any bugs in the coding that
>> would affect Telnet connections.
>>
>
> If you can send the output under "last 50 filter log entries" in
> /status.php when it's dropping that telnet traffic, we might be able
> to track down what's causing the telnet connections to get messed up.
> What you sent earlier doesn't tell us a whole lot other than it's
> getting dropped.
>
> -Chris
>
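
An added example, not part of the original message or of m0n0wall: a small parser for the ipmon entries posted above that tallies blocked packets by rule, destination port and whether a TCP packet is a connection-opening SYN. The regular expression is inferred from the lines on this page, the `Nx` prefix is treated as ipmon's repeat count, and the sample is four of the posted entries re-joined onto single lines.

```python
import re
from collections import Counter

# Constructed sample: four entries taken from the log above, each re-joined
# onto one line (the mail client wrapped every entry in two).
SAMPLE = """\
Dec 19 15:20:31 manitoba ipmon[79]: 15:20:31.051999 ng0 @0:17 b 216.78.32.191,3025 -> 192.168.1.32,23 PR tcp len 20 40 -AF IN
Dec 19 15:23:12 manitoba ipmon[79]: 15:23:12.047411 ng0 @0:17 b 68.110.95.69,4109 -> 192.168.1.32,23 PR tcp len 20 42 -AP IN
Dec 19 15:31:15 manitoba ipmon[79]: 15:31:14.871581 7x ng0 @0:17 b 216.107.107.41,80 -> 192.168.1.56,53044 PR tcp len 20 1492 -A IN
Dec 19 15:46:49 manitoba ipmon[79]: 15:46:48.358697 ng0 @0:19 b 198.5.148.6,57175 -> JK.23.XYZ.12,53 PR udp len 20 71 IN
"""

# Field layout as it appears in the log: [Nx] iface @group:rule action
# src[,port] -> dst[,port] PR proto len hdrlen pktlen [-tcpflags] IN
ENTRY = re.compile(
    r"ipmon\[\d+\]: \S+ (?:(?P<count>\d+)x )?(?P<iface>\S+) "
    r"@(?P<rule>\d+:\d+) (?P<action>\S) "
    r"(?P<src>[^ ,]+)(?:,(?P<sport>\d+))? -> (?P<dst>[^ ,]+)(?:,(?P<dport>\d+))? "
    r"PR (?P<proto>\S+) len \d+ \d+(?: -(?P<flags>[A-Z]+))? "
)

def classify(line):
    """Return (rule, dst_port, kind, packets) for a blocked entry, else None."""
    m = ENTRY.search(line)
    if not m or m["action"] != "b":      # 'b' marks a blocked packet
        return None
    if m["proto"] != "tcp":
        kind = m["proto"]
    elif "S" in (m["flags"] or "") and "A" not in m["flags"]:
        kind = "syn"                     # SYN without ACK: new connection attempt
    else:
        kind = "non-syn"                 # e.g. -AF (ACK+FIN), -AP (ACK+PUSH)
    return m["rule"], m["dport"], kind, int(m["count"] or 1)

def summarise(text):
    """Count blocked packets per (rule, destination port, kind)."""
    totals = Counter()
    for line in text.splitlines():
        hit = classify(line)
        if hit:
            rule, dport, kind, packets = hit
            totals[(rule, dport, kind)] += packets
    return totals

if __name__ == "__main__":
    for key, n in sorted(summarise(SAMPLE).items()):
        print(key, n)
```

On the sample, both Telnet entries come out as non-SYN packets blocked by rule 0:17, that is, packets from sessions already in progress or closing rather than new connection attempts.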