"Broadcast TCP"??!?

David Wolfskill david at catwhisker.org
Wed Jun 30 07:17:46 PDT 2004


This may be "old hat" to some of y'all, but I don't get out much, and
I found it perversely amusing....

I'm in the habit of reviewing not only the logs for my home packet
filter (and certain other services, such as the mail log & httpd log),
but also the packet filter from my laptop on a daily basis.

At work, we have deployed a radio link as part of a "beta" test, and
I connect the laptop to that network.  And since I know that my laptop
may well be connected to at least one network that I don't consider
"trusted" (the network in question qualifies, as does any wireless net,
including the one we use at the Apple facility where BayLISA meets, for
example), I run a simple packet filter to control -- and log certain
parts of -- the traffic that is seen.

Today, I noted this:

Jun 29 17:32:53 localhost /kernel: ipfw: 3400 Deny TCP 222.101.164.135:2124 64.62.202.0:25 in via ed1
Jun 29 17:32:53 localhost /kernel: ipfw: 3400 Deny TCP 222.101.164.135:2154 64.62.202.7:25 in via ed1
Jun 29 17:32:54 localhost /kernel: ipfw: 3400 Deny TCP 222.101.164.135:2670 64.62.202.255:25 in via ed1
Jun 29 17:32:56 localhost /kernel: ipfw: 3400 Deny TCP 222.101.164.135:2124 64.62.202.0:25 in via ed1
Jun 29 17:32:56 localhost /kernel: ipfw: 3400 Deny TCP 222.101.164.135:2154 64.62.202.7:25 in via ed1
Jun 29 17:32:57 localhost /kernel: ipfw: 3400 Deny TCP 222.101.164.135:2670 64.62.202.255:25 in via ed1
Jun 29 17:33:02 localhost /kernel: ipfw: 3400 Deny TCP 222.101.164.135:2124 64.62.202.0:25 in via ed1
Jun 29 17:33:03 localhost /kernel: ipfw: 3400 Deny TCP 222.101.164.135:2670 64.62.202.255:25 in via ed1

Now, the address my laptop was using at the time was 64.62.202.7, so
some of the above makes some sense.

The ones that got my attention, though, were the ones directed at
64.62.202.255:25.  I don't recall seeing an attempt to send TCP traffic
to a broadcast address before.  (UDP, sure; that often makes sense.  TCP?)

Anyway, I found it oddly amusing, and thought I'd share....

Peace,
david
-- 
David H. Wolfskill				david at catwhisker.org
I do not "unsubscribe" from email "services" to which I have not explicitly
subscribed.  Rather, I block spammers' access to SMTP servers I control,
and encourage others who are in a position to do so to do likewise.
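
Added example, not part of the original post: a small Python check that parses the ipfw log lines quoted above and counts TCP entries whose destination is the network or broadcast address of the local subnet. The /24 mask is an assumption (the post does not state it), and the names `LOCAL_NET`, `classify_dst` and `tcp_to_non_host` are made up for this illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the subnet is a /24; the post does not state the netmask.
LOCAL_NET = ipaddress.ip_network("64.62.202.0/24")

# The eight ipfw log lines quoted in the post.
SAMPLE_LOG = """\
Jun 29 17:32:53 localhost /kernel: ipfw: 3400 Deny TCP 222.101.164.135:2124 64.62.202.0:25 in via ed1
Jun 29 17:32:53 localhost /kernel: ipfw: 3400 Deny TCP 222.101.164.135:2154 64.62.202.7:25 in via ed1
Jun 29 17:32:54 localhost /kernel: ipfw: 3400 Deny TCP 222.101.164.135:2670 64.62.202.255:25 in via ed1
Jun 29 17:32:56 localhost /kernel: ipfw: 3400 Deny TCP 222.101.164.135:2124 64.62.202.0:25 in via ed1
Jun 29 17:32:56 localhost /kernel: ipfw: 3400 Deny TCP 222.101.164.135:2154 64.62.202.7:25 in via ed1
Jun 29 17:32:57 localhost /kernel: ipfw: 3400 Deny TCP 222.101.164.135:2670 64.62.202.255:25 in via ed1
Jun 29 17:33:02 localhost /kernel: ipfw: 3400 Deny TCP 222.101.164.135:2124 64.62.202.0:25 in via ed1
Jun 29 17:33:03 localhost /kernel: ipfw: 3400 Deny TCP 222.101.164.135:2670 64.62.202.255:25 in via ed1
"""

LINE_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)

def classify_dst(dst, net=LOCAL_NET):
    """Say whether dst is a host, the network address or the broadcast address."""
    addr = ipaddress.ip_address(dst)
    if addr not in net:
        return "off-net"
    if addr == net.broadcast_address:
        return "broadcast"
    if addr == net.network_address:
        return "network"
    return "host"

def tcp_to_non_host(log_text, net=LOCAL_NET):
    """Count TCP log entries aimed at the subnet's network or broadcast address."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and m["proto"] == "TCP":
            kind = classify_dst(m["dst"], net)
            if kind in ("broadcast", "network"):
                hits[(m["src"], m["dst"], int(m["dport"]), kind)] += 1
    return hits

if __name__ == "__main__":
    for key, count in sorted(tcp_to_non_host(SAMPLE_LOG).items()):
        print(count, *key)
```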


