IPFW entries in /var/log/messages

Mel fbsd.questions at rachie.is-a-geek.net
Tue Sep 18 08:00:33 PDT 2007


On Tuesday 18 September 2007 16:38:13 Mächler Philippe wrote:
> Hi Nikos
>
> Thanks for your reply.
>
> > On Tuesday 18 September 2007 16:05, Mächler Philippe wrote:
> > > Since a few weeks/months we have the following entries in the
> > >
> > > /var/log/messages logfile.
> >
> > []
> >
> > > [/var/log/messages]
> > > Sep 18 10:23:03 ns2 kernel: .11:2438 out via bge0
> > > Sep 18 10:31:35 ns2 kernel:
> > > Sep 18 10:58:05 ns2 kernel: 80
> > > Sep 18 10:58:14 ns2 kernel: <<110>ipfw: 7600 Accept UDP
> > > 80.242.206.245:55041 80.242.192.81:53 in via bge0 Sep 18
> >
> > 10:58:14 ns2
> >
> > > kernel: 110>ipfw: 7700 Accept UDP 80.242.192.81:53
> >
> > 80.242.204.85:65510
> >
> > > out via bge0
> >
> > I can think of two things.
> >
> > 1) Is anybody playing with logger(1)?
> > e.g.
> > logger -t kernel "Let's play with the administrator..."
> > tail /var/log/messages
>
> I fear it's neither of the two things you mentioned
>
> [1] /var/log/auth.log does not show an external nor an abnormal
> login. And I believe that my workmates won't fool me with stuff
> like this :)
>
> > 2) Are these entries new? Are you sure that they refer
> > to 2007-09? It can happen. Seeing a message from a year back.
> > Especially on a low maintenance box.
>
> [2] These are actual entries. In the meantime I got a few new
> ones...
> Sep 18 16:08:18 ns2 kernel: <11<110>ipfw: 7600 Accept UDP
> 80.242.205.104:50114 80.242.192.81:53 in via bge0
> Sep 18 16:08:18 ns2 kernel: 0>ipfw: 7700 Accept UDP
> 80.242.192.81:53 80.242.205.104:50111 out via bge0
> Sep 18 16:09:42 ns2 kernel: b
> Sep 18 16:13:42 ns2 kernel:
> Sep 18 16:23:14 ns2 kernel:
> Sep 18 16:23:24 ns2 kernel: 8
>
> Sep 18 16:30:49 ns2 kernel:

These look like classic buffer corruptions, either that or you're logging 
part of the raw packet and bytes interpreted as non-printing chars like 
return and backspace mangle the output. Can you narrow it down to the one 
offending rule? Or is any logging by ipfw this mangled?


-- 
Mel
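
One way to answer the question above about narrowing the damage down to a rule, as an added example that is not part of the original message: classify each kernel: line as clean, mangled or fragment and count the records per ipfw rule number. The regular expressions are modelled on the log lines quoted in the thread, the sample lines are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Syslog prefix as in the thread: "Sep 18 10:58:14 ns2 kernel: <text>"
KERNEL = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ kernel: ?(.*)$")
# Complete ipfw record: rule, action, proto, src, dst, direction, interface
IPFW = re.compile(r"ipfw: (\d+) \w+ \S+ \S+ \S+ (?:in|out) via \w+$")
# Tail of a record whose head is missing, e.g. ".11:2438 out via bge0"
TAIL = re.compile(r"(?:in|out) via \w+$")
CTRL = re.compile(r"[\x00-\x08\x0b-\x1f\x7f]")

def classify(line):
    """Return (kind, rule); kind is clean, mangled, fragment or other."""
    m = KERNEL.match(line)
    if not m:
        return ("other", None)          # not a kernel message
    text = m.group(1).rstrip(" ")
    rec = IPFW.search(text)
    if rec:
        # Bytes in front of "ipfw:" (such as "<<110>") mark a mangled record
        kind = "clean" if rec.start() == 0 else "mangled"
        return (kind, int(rec.group(1)))
    if len(text) < 4 or TAIL.search(text) or CTRL.search(text):
        return ("fragment", None)       # empty, stub, tail, or control bytes
    return ("other", None)              # unrelated kernel message

def summarize(lines):
    """Count line kinds, and clean vs mangled records per rule number."""
    kinds, by_rule = Counter(), Counter()
    for line in lines:
        kind, rule = classify(line.rstrip("\n"))
        kinds[kind] += 1
        if rule is not None:
            by_rule[(rule, kind)] += 1
    return kinds, by_rule

# Constructed sample lines (documentation addresses), shaped like the thread's
SAMPLE = [
    "Sep 18 10:57:59 ns2 kernel: ipfw: 7600 Accept UDP 192.0.2.10:55041 192.0.2.53:53 in via bge0",
    "Sep 18 10:58:05 ns2 kernel: 80",
    "Sep 18 10:58:14 ns2 kernel: <<110>ipfw: 7600 Accept UDP 192.0.2.10:55041 192.0.2.53:53 in via bge0",
    "Sep 18 10:58:14 ns2 kernel: 110>ipfw: 7700 Accept UDP 192.0.2.53:53 192.0.2.11:65510 out via bge0",
    "Sep 18 10:23:03 ns2 kernel: .11:2438 out via bge0",
    "Sep 18 10:31:35 ns2 kernel:",
    "Sep 18 11:00:00 ns2 kernel: bge0: link state changed to UP",
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

If every logging rule shows mangled records, the rule itself is unlikely to be the cause; if only one rule number does, start with that rule.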

