Hello, I have just setup some ipfw rules to checkout some traffic to one of my boxes. I have three servers, only one of which has weird traffic. It is getting ping'd on a five minute interval from approx 3 to 8 different ip addresses within the same second. For example: May 3 20:20:03 gaspra kernel: ipfw: 65002 Deny ICMP:8.0 202.160.241.130 xxx.xxx.xxx.xxx in via dc0 May 3 20:20:13 gaspra kernel: ipfw: 65002 Deny ICMP:8.0 202.160.241.130 xxx.xxx.xxx.xxx in via dc0 May 3 20:25:03 gaspra kernel: ipfw: 65002 Deny ICMP:8.0 64.35.7.130 xxx.xxx.xxx.xxx in via dc0 May 3 20:25:03 gaspra kernel: ipfw: 65002 Deny ICMP:8.0 212.162.1.194 xxx.xxx.xxx.xxx in via dc0 May 3 20:25:03 gaspra kernel: ipfw: 65002 Deny ICMP:8.0 216.74.133.194 xxx.xxx.xxx.xxx in via dc0 May 3 20:25:03 gaspra kernel: ipfw: 65002 Deny ICMP:8.0 63.218.7.130 xxx.xxx.xxx.xxx in via dc0 May 3 20:25:03 gaspra kernel: ipfw: 65002 Deny ICMP:8.0 166.90.213.130 xxx.xxx.xxx.xxx in via dc0 May 3 20:25:04 gaspra kernel: ipfw: 65002 Deny ICMP:8.0 205.158.108.194 xxx.xxx.xxx.xxx in via dc0 May 3 20:25:13 gaspra kernel: ipfw: 65002 Deny ICMP:8.0 64.35.7.130 xxx.xxx.xxx.xxx in via dc0 May 3 20:25:13 gaspra kernel: ipfw: 65002 Deny ICMP:8.0 212.162.1.194 xxx.xxx.xxx.xxx in via dc0 May 3 20:25:13 gaspra kernel: ipfw: 65002 Deny ICMP:8.0 216.74.133.194 xxx.xxx.xxx.xxx in via dc0 May 3 20:25:13 gaspra kernel: ipfw: 65002 Deny ICMP:8.0 63.218.7.130 xxx.xxx.xxx.xxx in via dc0 May 3 20:25:13 gaspra kernel: ipfw: 65002 Deny ICMP:8.0 166.90.213.130 xxx.xxx.xxx.xxx in via dc0 May 3 20:25:14 gaspra kernel: ipfw: 65002 Deny ICMP:8.0 205.158.108.194 xxx.xxx.xxx.xxx in via dc0 I've just started denying pings to the box... What is this? Matt Gostick <matt@crazylogic.net> _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"