Connection attempt to TCP messages in /var/log/messages
fbsd_user
fbsd_user at a1poweruser.com
Thu Dec 4 08:10:57 PST 2003
The log-in-vain MIB is an poor mans version of an firewall. When you
enable IPFW or IPFILTER this MIB and the other network security
MIB's become meaningless, as the firewall gets access to the packets
before anything else and drops all packets arriving on ports without
any application listening on the port as technically invalid. This
subject has been posted to the questions list this week. See subject
thread 'network security sysctl mib's'
-----Original Message-----
From: owner-freebsd-questions at freebsd.org
[mailto:owner-freebsd-questions at freebsd.org]On Behalf Of Norman
Walek
Sent: Thursday, December 04, 2003 10:53 AM
To: mtech at buffnet.net
Cc: freebsd-questions at freebsd.org
Subject: Re: Connection attempt to TCP messages in /var/log/messages
edit /etc/syslog.conf appropriately
kernel.debug for said example
>Nov 25 03:09:56 asia /kernel: Connection attempt to TCP
202.79.180.131:80
njw
"Mohsin Rahman" <mtech at buffnet.net> wrote in message
news:<005d01c3b2d1$2cd8caa0$6213f6cd at mohsin.lucky.freebsd.questions>
...
>sysctl -w net.inet.tcp.log_in_vain=1
>sysctl -w net.inet.udp.log_in_vain=1
>
>turns em on and
>
>sysctl -w net.inet.tcp.log_in_vain=0
>sysctl -w net.inet.udp.log_in_vain=0
>
>turns them off. Hope this helps.
>
>Anyone know how to add a time/date to this log entry and which file
to
>modify?
>
>--
>Mohsin Rahman
>mtech at buffnet.net
>
>
>----- Original Message ----- From: "Kent Stewart"
<kstewart at owt.com>
>To: "Spades" <spades at galaxynet.org>;
<freebsd-questions at freebsd.org>
>Sent: Monday, November 24, 2003 2:28 PM
>Subject: Re: Connection attempt to TCP messages in
/var/log/messages
>
>
> > On Monday 24 November 2003 11:11 am, Spades wrote:
> > > I did a tail -f /var/log/messages and got all these..
> > >
> > > previously before my cvs and recompile kernel to 4.9 stable
> > > it didn't have below.. now it does..
> > >
> > > Nov 25 03:09:56 asia /kernel: Connection attempt to TCP
> 202.79.180.131:80
> > > from 65.217.41.66:1681
> > > Nov 25 03:09:58 asia /kernel: Connection attempt to TCP
> 202.79.180.130:80
> > > from 24.136.234.77:4059
> > >
> > > question.. how to stop seeing them in /var/log/messages?
> > >
> >
> > Buy a hardware firewall that you place in front of your
computer. You
> probably
> > have a log option in your firewall and someone is trying to
connect to
> your
> > web server. You could turn off logging but I like to know who is
trying
>to
> > connect to my systems. This is especially true when I am not
running a
> > service and they are probing to find out if I am.
> >
> > Kent
> >
> > -- > Kent Stewart
> > Richland, WA
> >
> > http://users.owt.com/kstewart/index.html
> >
> > _______________________________________________
> > freebsd-questions at freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe at freebsd.org"
> >
>
>
>
>_______________________________________________
>freebsd-questions at freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>To unsubscribe, send any mail to
>"freebsd-questions-unsubscribe at freebsd.org"
_________________________________________________________________
Tired of slow downloads and busy signals? Get a high-speed Internet
connection! Comparison-shop your local high-speed providers here.
https://broadband.msn.com
_______________________________________________
freebsd-questions at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
"freebsd-questions-unsubscribe at freebsd.org"
More information about the freebsd-questions
mailing list