I have a base FreeBSD desktop installed and notice traffic that is not started by me. I have nothing open and see that my IPFW firewall logs are getting filled up with the following attempts; see #Log below. The key is I can look up and block - true - but why with a default install and with the following apps (Gnome2, firefox, gimp, libreoffice, and HPLIP)? There should not be any traffic with nothing running but NTP and NIC stuff.
Code:
# FreeBSD Version
$ uname -a
FreeBSD r1 9.0-RELEASE-p3 FreeBSD 9.0-RELEASE-p3 #0: Tue Jun 12 02:52:29 UTC 2012
root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64
#Log (host and IP removed)
Jul 15 11:13:03 ipfw: 299 Deny TCP x.x.x.x2:39675 72.247.114.46:443 out via em0
Jul 15 11:13:05 ipfw: 299 Deny TCP x.x.x.x2:50450 207.109.73.43:80 out via em0
Jul 15 11:13:05 last message repeated 2 times
Jul 15 11:13:05 ipfw: 299 Deny TCP x.x.x.x2:50449 207.109.73.43:80 out via em0
Jul 15 11:13:41 ipfw: 299 Deny UDP x.x.x.x2:123 69.64.72.238:123 out via em00
Jul 15 11:13:46 ipfw: 299 Deny UDP x.x.x.x2:123 216.66.0.142:123 out via em0
Jul 15 11:13:52 ipfw: 299 Deny UDP x.x.x.x2:123 108.61.73.244:123 out via em0
Jul 15 11:13:59 ipfw: 299 Deny TCP x.x.x.x2:50450 207.109.73.43:80 out via em0
Jul 15 11:14:00 ipfw: 299 Deny TCP x.x.x.x2:61743 64.215.255.122:80 out via em0
Jul 15 11:14:33 ipfw: 299 Deny TCP x.x.x.x2:50450 207.109.73.43:80 out via em0
#IPFW Rules That Apply
# Allow out non-secure standard www function
$cmd 00200 allow tcp from any to any 80 out via $pif setup keep-state
# Allow out secure www function https over TLS SSL
$cmd 00220 allow tcp from any to any 443 out via $pif setup keep-state
# deny and log everything else that's trying to get out.
# This rule enforces the block all by default logic.
$cmd 00299 deny log all from any to any out via $pif
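
One way to triage the denied flows, as an added example that is not part of the original post: it tallies rule 299 hits per destination, expands syslog's "last message repeated" lines, and marks TCP flows to ports 80/443, which rules 00200 and 00220 permit only for `setup` packets. The function names are illustrative, and the sample is an excerpt of the log quoted above.

```python
import re
from collections import Counter

# Excerpt of the log quoted in the post (source host already redacted there).
SAMPLE = """\
Jul 15 11:13:03 ipfw: 299 Deny TCP x.x.x.x2:39675 72.247.114.46:443 out via em0
Jul 15 11:13:05 ipfw: 299 Deny TCP x.x.x.x2:50450 207.109.73.43:80 out via em0
Jul 15 11:13:05 last message repeated 2 times
Jul 15 11:13:41 ipfw: 299 Deny UDP x.x.x.x2:123 69.64.72.238:123 out via em00
Jul 15 11:13:59 ipfw: 299 Deny TCP x.x.x.x2:50450 207.109.73.43:80 out via em0
"""

# Ports that posted rules 00200/00220 allow, but only for TCP "setup" packets.
SETUP_ONLY_PORTS = {80, 443}

DENY = re.compile(
    r"ipfw: (?P<rule>\d+) Deny (?P<proto>\w+) "
    r"\S+:(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) (?P<dir>in|out) via (?P<ifc>\S+)"
)
REPEAT = re.compile(r"last message repeated (\d+) times?")


def summarize(text):
    """Count denied packets per (proto, dst, dport), expanding syslog repeats."""
    counts = Counter()
    last = None  # key of the most recent deny line, target of a "repeated" line
    for line in text.splitlines():
        m = DENY.search(line)
        if m:
            last = (m["proto"], m["dst"], int(m["dport"]))
            counts[last] += 1
            continue
        r = REPEAT.search(line)
        if r and last:
            counts[last] += int(r.group(1))
    return counts


def classify(key):
    """Label a flow by how it relates to the posted rule set."""
    proto, _dst, dport = key
    if proto == "TCP" and dport in SETUP_ONLY_PORTS:
        return "port allowed for setup packets only; packet did not match 200/220"
    return "no allow rule for this port among the posted rules"


if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key, "-", classify(key))
```
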