Date: Thu, 30 Jul 1998 01:47:05 -0700 (PDT)
From: "Jan B. Koum" <jkb@best.com>
To: Andrew Stone
cc: freebsd-questions@FreeBSD.ORG
Subject: Re: sysctl -w net.inet.udp.log_in_vain=1 causes spurious messages
In-Reply-To: <199807292015.OAA00513@floyd.stone.com>

Hello,

I guess this is something I will have to add to security docs (how to undo things). To turn off log_in_vain simply do

# sysctl -w net.inet.tcp.log_in_vain=0
# sysctl -w net.inet.udp.log_in_vain=0

(1 turns things on, 0 turns things off). I guess I should also add to the How-To that this sysctl change will generate a lot of noise.

-- Yan

Jan Koum jkb@best.com                 | "Turn up the lights; I don't want
www.FreeBSD.org -- The Power to Serve | to go home in the dark."
"Write longer sentences - they are paying us a lot of money"

On Wed, 29 Jul 1998, Andrew Stone wrote:

> (I'm not on this mailing list, so please reply to me, and I'll summarize, thanks!)
>
> While beefing up the security of our FreeBSD gateway, I call these sysctls from rc.local:
>
> sysctl -w net.inet.tcp.log_in_vain=1
> sysctl -w net.inet.udp.log_in_vain=1
> sysctl -w kern.securelevel=2
>
> The kernel logs messages like the following, which, since it's from the gateway to the gateway, make no sense and just add noise:
> (note 53 is the DNS port, which we allow with ipfw, but these are being logged by the kernel; the IP address is the local gateway IP address)
>
> Connection attempt to UDP 198.111.108.100:1027 from 198.111.108.100:53
> Connection attempt to UDP 198.111.108.100:1029 from 198.111.108.100:53
> Connection attempt to UDP 198.111.108.100:1031 from 198.111.108.100:53
> Connection attempt to UDP 198.111.108.100:1114 from 198.111.108.100:53
>
> Any way to stop these? I looked online but found nothing.
>
> Thanks!
>
> Andrew Stone (andrew@stone.com)
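Disabling log_in_vain removes the noise but also the signal. An alternative for the situation Andrew describes is to keep the sysctl on and filter the kernel messages afterwards. The following is an added example (not code from the thread or from FreeBSD) that parses log_in_vain lines in the format shown above, drops the entries where the gateway is talking to itself (source and destination address identical, which is exactly the DNS-reply noise in the quoted log), and summarizes which ports each remaining source address probed. The syslog prefixes and the second source host 192.0.2.7 (a documentation address) in the sample log are constructed for the example.

```python
import re
from collections import defaultdict

# Matches the kernel message that log_in_vain emits for a packet arriving
# at a port with no listener, in the format quoted in the thread.
LOG_IN_VAIN_RE = re.compile(
    r"Connection attempt to (?P<proto>TCP|UDP) "
    r"(?P<dst_ip>[\d.]+):(?P<dst_port>\d+) from "
    r"(?P<src_ip>[\d.]+):(?P<src_port>\d+)"
)


def parse_line(line):
    """Return a dict for a log_in_vain message, or None for any other line.

    Anything before the message (syslog timestamp, host name, "/kernel:")
    is ignored, so both raw and syslog-wrapped lines are accepted.
    """
    m = LOG_IN_VAIN_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["dst_port"] = int(rec["dst_port"])
    rec["src_port"] = int(rec["src_port"])
    return rec


def is_self_traffic(rec):
    """True when source and destination are the same host, i.e. the gateway
    answering itself (the DNS-reply noise the original poster saw)."""
    return rec["src_ip"] == rec["dst_ip"]


def summarize(lines, ignore_self=True):
    """Map (protocol, source address) to the sorted list of distinct
    destination ports it was seen probing, optionally skipping self traffic."""
    ports = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if ignore_self and is_self_traffic(rec):
            continue
        ports[(rec["proto"], rec["src_ip"])].add(rec["dst_port"])
    return {key: sorted(p) for key, p in ports.items()}


# Constructed sample log: the four gateway-to-gateway lines from the thread
# wrapped in a syslog prefix, plus a made-up external host (192.0.2.7 is a
# documentation address) touching three closed TCP ports.
SAMPLE_LOG = [
    "Jul 29 14:10:01 floyd /kernel: Connection attempt to UDP "
    "198.111.108.100:1027 from 198.111.108.100:53",
    "Jul 29 14:10:02 floyd /kernel: Connection attempt to UDP "
    "198.111.108.100:1029 from 198.111.108.100:53",
    "Jul 29 14:10:05 floyd /kernel: Connection attempt to UDP "
    "198.111.108.100:1031 from 198.111.108.100:53",
    "Jul 29 14:10:09 floyd /kernel: Connection attempt to UDP "
    "198.111.108.100:1114 from 198.111.108.100:53",
    "Jul 29 14:11:40 floyd /kernel: Connection attempt to TCP "
    "198.111.108.100:23 from 192.0.2.7:40312",
    "Jul 29 14:11:40 floyd /kernel: Connection attempt to TCP "
    "198.111.108.100:22 from 192.0.2.7:40313",
    "Jul 29 14:11:41 floyd /kernel: Connection attempt to TCP "
    "198.111.108.100:25 from 192.0.2.7:40314",
    "Jul 29 14:12:00 floyd /kernel: arp: unrelated kernel message",
]

if __name__ == "__main__":
    for (proto, src), probed in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{src} probed {proto} ports {probed}")
```

Run against the real file (on a 1998-era system the messages land in /var/log/messages via syslogd), the report shows only attempts from other hosts; passing ignore_self=False keeps the gateway-to-gateway entries for comparison.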