From owner-freebsd-questions@FreeBSD.ORG Fri Jan 23 07:15:34 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BA11116A4CE for ; Fri, 23 Jan 2004 07:15:34 -0800 (PST) Received: from mta5.adelphia.net (mta5.adelphia.net [68.168.78.187]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6920143D39 for ; Fri, 23 Jan 2004 07:15:33 -0800 (PST) (envelope-from fbsd_user@a1poweruser.com) Received: from barbish ([67.20.101.103]) by mta13.adelphia.net (InterMail vM.5.01.06.05 201-253-122-130-105-20030824) with SMTP id <20040123131652.ZLWE8989.mta13.adelphia.net@barbish>; Fri, 23 Jan 2004 08:16:52 -0500 From: "fbsd_user" To: "Didier WIROTH" , Date: Fri, 23 Jan 2004 08:16:51 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0) In-Reply-To: <0HRX00L08SV5Q4@mail.etat.lu> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Importance: Normal Subject: RE: log_in_vain="YES" X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: fbsd_user@a1poweruser.com List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Jan 2004 15:15:35 -0000 If this is happening while your system is connected to the public internet then your system is under attack by somebody who is spoofing ip address 127.0.0.1. Port 113 is the ident protocol. There is no reason for the cron jobs to be doing that. You should power off you system when not in use at least until you install an firewall software solution. You really need an firewall, and should use IPFILTER as it's stateful keep-state rules function work correctly. FBSD's ipfw stateful rules are broken when used with ipfw's divert/natd function. -----Original Message----- From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Didier WIROTH Sent: Friday, January 23, 2004 4:55 AM To: freebsd-questions@freebsd.org Subject: log_in_vain="YES" When using log_in_vain="YES" I get a lot of console message of these types: Jan 21 03:01:12 ultimate kernel: Connection attempt to TCP 127.0.0.1:113 from 127.0.0.1:49188 flags:0x02 Jan 21 03:01:12 ultimate kernel: Connection attempt to TCP 127.0.0.1:113 from 127.0.0.1:49190 flags:0x02 Jan 21 03:01:12 ultimate kernel: Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:49286 Jan 21 03:01:12 ultimate kernel: Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:49287 I assume the above entries happen when the cron jobs, auth and sendmail tries to send the daily reports. What does log_in_vain actually do/work? Is it possible to tell log_in_vain to ignore connections form localhost to localhost? Many thanks Didier _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"