Odd PF Denied Message
smithi at nimnet.asn.au
Thu Oct 18 21:06:51 PDT 2007
On Thu, 18 Oct 2007 19:36:27 +0300 Nikos Vassiliadis wrote:
> On Thursday 18 October 2007 18:39:56 Michael K. Smith - Adhost wrote:
> > Thank you for the clue! We are using log in vain as part of our
> > security logging for this particular box, but this is the only message
> > I've ever seen so I'm not sure it's really needed.
> It must be a local program trying to connect to ident.
Yes, quite likely sendmail sending daily etc reports? You can either
run a (real or fake) ident daemon (see inetd.conf), or have the firewall
reset (not drop) such connections, avoiding sendmail(ono) delays waiting
for a response. If running a mailserver, this applies to outside too.
> Probably nothing to worry about. I would check which is
> this program though. If that's the only message you get
> you must be protected, at least packet_filtering-wise.
> I think log_in_vain can be used when configuring a firewall.
> Just to see quickly if your firewall works as expected and
> then turn it off. Otherwise it is just going to create tons
> of irrelevant log messages.
On the contrary .. if your firewall is working correctly, you shouldn't
ever be seeing connection attempts to non-listening ports, especially
from outside. log_in_vain messages indicate some attention is needed,
either to block or reset those connections, or to provide a listener :)
so removing log_in_vain (shooting the messenger) may not be a good idea.
More information about the freebsd-questions