
Re: ipf > pf beginner question



At 13:38 10/30/2002 -0300, Helio Alexandre Lopes Loureiro wrote:
[[email protected]:root]# tcpdump -i eth0 -n port 53
tcpdump: listening on eth0
13:34:35.922231 146.250.147.127.1030 > 146.250.158.238.53:  46641+ A? helio.loureiro.eng.br. (39) (DF)
13:34:35.929837 146.250.158.238.53 > 146.250.147.127.1030:  46641 2/5/4 CNAME[|domain] (DF)

        Here you can see a tcpdump from my Linux laptop (yes, Linux), where I
started an "nslookup".  My machine, 146.250.147.127, started a connection
from port 1030 (any free port above 1024) to the DNS server,
146.250.158.238, port 53.

OK, got it. Then below is an example from the pf.log where requests to the domain service on port 47466 are blocked. Are they illegal then?


Oct 29 23:45:23.025300 rule 30/0(match): block in on xl0: 212.209.91.130.53 > 217.215.7.177.47466: 10479* 0/1/0 (85) (DF)
Oct 29 23:45:23.026227 rule 30/0(match): block in on xl0: 212.209.91.130.53 > 217.215.7.177.47466: 42856* 0/1/0 (85) (DF)
Oct 29 23:45:23.027059 rule 30/0(match): block in on xl0: 192.36.125.2.53 > 217.215.7.177.47466: 14942*- 1/3/3 (177)
Oct 29 23:45:23.027377 rule 30/0(match): block in on xl0: 212.209.91.130.53 > 217.215.7.177.47466: 12645* 0/1/0 (81) (DF)
Oct 29 23:45:23.027910 rule 30/0(match): block in on xl0: 212.209.91.130.53 > 217.215.7.177.47466: 33552* 0/1/0 (81) (DF)
Oct 29 23:45:23.202936 rule 30/0(match): block in on xl0: 192.35.51.30.53 > 217.215.7.177.47466: 6201- 0/2/2 (105)
Oct 29 23:45:23.223715 rule 30/0(match): block in on xl0: 128.32.136.12.53 > 217.215.7.177.47466: 37607* 0/1/1 (94)
Oct 29 23:45:23.225328 rule 30/0(match): block in on xl0: 128.32.136.12.53 > 217.215.7.177.47466: 1466* 0/1/1 (94)
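
Added example, not part of the original message: a Python sketch that parses pf.log lines like the ones quoted above and groups blocked inbound packets that have the form of DNS replies (source port 53, tcpdump's answer/authority/additional counts) by rule and local port. The function and field names are assumptions made for this example; the three sample lines are copied from the log above.

```python
import re
from collections import defaultdict

# Three of the pf.log lines quoted in the message above, copied verbatim.
SAMPLE = """\
Oct 29 23:45:23.025300 rule 30/0(match): block in on xl0: 212.209.91.130.53 > 217.215.7.177.47466: 10479* 0/1/0 (85) (DF)
Oct 29 23:45:23.027059 rule 30/0(match): block in on xl0: 192.36.125.2.53 > 217.215.7.177.47466: 14942*- 1/3/3 (177)
Oct 29 23:45:23.202936 rule 30/0(match): block in on xl0: 192.35.51.30.53 > 217.215.7.177.47466: 6201- 0/2/2 (105)
"""

# pf.log line: rule number, action, direction, interface, endpoints, payload.
LINE = re.compile(
    r"rule (?P<rule>\d+)/\d+\(match\): (?P<action>block|pass) (?P<dir>in|out) "
    r"on (?P<ifc>\S+): (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): (?P<payload>.*)$"
)
# tcpdump prints a DNS reply as "<id><flags> <answer>/<authority>/<additional>";
# '*' = authoritative answer, '-' = recursion not available.
REPLY = re.compile(r"(?P<id>\d+)(?P<flags>[*|-]*) (?P<an>\d+)/(?P<ns>\d+)/(?P<ar>\d+)")


def parse(line):
    """Return a dict for one pf.log line, or None if it does not match."""
    m = LINE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("rule", "sport", "dport"):
        rec[key] = int(rec[key])
    reply = REPLY.match(rec["payload"])
    rec["dns_reply"] = reply is not None and rec["sport"] == 53
    rec["authoritative"] = bool(reply) and "*" in reply.group("flags")
    return rec


def blocked_replies(text):
    """Group blocked inbound DNS replies by (rule, local address, local port)."""
    groups = defaultdict(set)
    for line in text.splitlines():
        rec = parse(line)
        if rec and rec["action"] == "block" and rec["dir"] == "in" and rec["dns_reply"]:
            groups[(rec["rule"], rec["dst"], rec["dport"])].add(rec["src"])
    return {key: sorted(servers) for key, servers in groups.items()}


if __name__ == "__main__":
    for (rule, addr, port), servers in blocked_replies(SAMPLE).items():
        print(f"rule {rule}: replies to {addr}:{port} blocked from {servers}")
```

A group in which every blocked packet comes from port 53 and goes to a single high local port has the same shape as the reply half of the tcpdump exchange quoted at the top of the message.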