Date: Thu, 4 Dec 2003 11:10:53 -0500 From: "fbsd_user" <fbsd_user@a1poweruser.com> To: "Norman Walek" <njwalek@hotmail.com>, <mtech@buffnet.net> Cc: freebsd-questions@freebsd.org Subject: RE: Connection attempt to TCP messages in /var/log/messages Message-ID: <MIEPLLIBMLEEABPDBIEGOEIBEPAA.fbsd_user@a1poweruser.com> In-Reply-To: <Law9-F4P8yJrNKBqujs000056b2@hotmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
The log-in-vain MIB is an poor mans version of an firewall. When you enable IPFW or IPFILTER this MIB and the other network security MIB's become meaningless, as the firewall gets access to the packets before anything else and drops all packets arriving on ports without any application listening on the port as technically invalid. This subject has been posted to the questions list this week. See subject thread 'network security sysctl mib's' -----Original Message----- From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Norman Walek Sent: Thursday, December 04, 2003 10:53 AM To: mtech@buffnet.net Cc: freebsd-questions@freebsd.org Subject: Re: Connection attempt to TCP messages in /var/log/messages edit /etc/syslog.conf appropriately kernel.debug for said example >Nov 25 03:09:56 asia /kernel: Connection attempt to TCP 202.79.180.131:80 njw "Mohsin Rahman" <mtech@buffnet.net> wrote in message news:<005d01c3b2d1$2cd8caa0$6213f6cd@mohsin.lucky.freebsd.questions> ... >sysctl -w net.inet.tcp.log_in_vain=1 >sysctl -w net.inet.udp.log_in_vain=1 > >turns em on and > >sysctl -w net.inet.tcp.log_in_vain=0 >sysctl -w net.inet.udp.log_in_vain=0 > >turns them off. Hope this helps. > >Anyone know how to add a time/date to this log entry and which file to >modify? > >-- >Mohsin Rahman >mtech@buffnet.net > > >----- Original Message ----- From: "Kent Stewart" <kstewart@owt.com> >To: "Spades" <spades@galaxynet.org>; <freebsd-questions@freebsd.org> >Sent: Monday, November 24, 2003 2:28 PM >Subject: Re: Connection attempt to TCP messages in /var/log/messages > > > > On Monday 24 November 2003 11:11 am, Spades wrote: > > > I did a tail -f /var/log/messages and got all these.. > > > > > > previously before my cvs and recompile kernel to 4.9 stable > > > it didn't have below.. now it does.. > > > > > > Nov 25 03:09:56 asia /kernel: Connection attempt to TCP > 202.79.180.131:80 > > > from 65.217.41.66:1681 > > > Nov 25 03:09:58 asia /kernel: Connection attempt to TCP > 202.79.180.130:80 > > > from 24.136.234.77:4059 > > > > > > question.. how to stop seeing them in /var/log/messages? > > > > > > > Buy a hardware firewall that you place in front of your computer. You > probably > > have a log option in your firewall and someone is trying to connect to > your > > web server. You could turn off logging but I like to know who is trying >to > > connect to my systems. This is especially true when I am not running a > > service and they are probing to find out if I am. > > > > Kent > > > > -- > Kent Stewart > > Richland, WA > > > > http://users.owt.com/kstewart/index.html > > > > _______________________________________________ > > freebsd-questions@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" > > > > > >_______________________________________________ >freebsd-questions@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-questions >To unsubscribe, send any mail to >"freebsd-questions-unsubscribe@freebsd.org" _________________________________________________________________ Tired of slow downloads and busy signals? Get a high-speed Internet connection! Comparison-shop your local high-speed providers here. https://broadband.msn.com _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?MIEPLLIBMLEEABPDBIEGOEIBEPAA.fbsd_user>