Date: Fri, 23 Jan 2004 08:16:51 -0500 From: "fbsd_user" <fbsd_user@a1poweruser.com> To: "Didier WIROTH" <didier.wiroth@mcesr.etat.lu>, <freebsd-questions@freebsd.org> Subject: RE: log_in_vain="YES" Message-ID: <MIEPLLIBMLEEABPDBIEGOENJFFAA.fbsd_user@a1poweruser.com> In-Reply-To: <0HRX00L08SV5Q4@mail.etat.lu>
next in thread | previous in thread | raw e-mail | index | archive | help
If this is happening while your system is connected to the public internet then your system is under attack by somebody who is spoofing ip address 127.0.0.1. Port 113 is the ident protocol. There is no reason for the cron jobs to be doing that. You should power off you system when not in use at least until you install an firewall software solution. You really need an firewall, and should use IPFILTER as it's stateful keep-state rules function work correctly. FBSD's ipfw stateful rules are broken when used with ipfw's divert/natd function. -----Original Message----- From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Didier WIROTH Sent: Friday, January 23, 2004 4:55 AM To: freebsd-questions@freebsd.org Subject: log_in_vain="YES" When using log_in_vain="YES" I get a lot of console message of these types: Jan 21 03:01:12 ultimate kernel: Connection attempt to TCP 127.0.0.1:113 from 127.0.0.1:49188 flags:0x02 Jan 21 03:01:12 ultimate kernel: Connection attempt to TCP 127.0.0.1:113 from 127.0.0.1:49190 flags:0x02 Jan 21 03:01:12 ultimate kernel: Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:49286 Jan 21 03:01:12 ultimate kernel: Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:49287 I assume the above entries happen when the cron jobs, auth and sendmail tries to send the daily reports. What does log_in_vain actually do/work? Is it possible to tell log_in_vain to ignore connections form localhost to localhost? Many thanks Didier _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?MIEPLLIBMLEEABPDBIEGOENJFFAA.fbsd_user>