From owner-freebsd-security@FreeBSD.ORG Sun Aug 21 09:34:42 2005 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BF78316A41F; Sun, 21 Aug 2005 09:34:42 +0000 (GMT) (envelope-from remko@freebsd.org) Received: from caelis.elvandar.org (caelis.elvandar.org [217.148.169.59]) by mx1.FreeBSD.org (Postfix) with ESMTP id 58EFB43D45; Sun, 21 Aug 2005 09:34:42 +0000 (GMT) (envelope-from remko@freebsd.org) Received: from localhost (caelis.elvandar.org [217.148.169.59]) by caelis.elvandar.org (Postfix) with ESMTP id C3B69358C53; Sun, 21 Aug 2005 11:34:40 +0200 (CEST) Received: from caelis.elvandar.org ([217.148.169.59]) by localhost (caelis.elvandar.org [217.148.169.59]) (amavisd-new, port 10024) with ESMTP id 37420-03; Sun, 21 Aug 2005 11:34:40 +0200 (CEST) Received: from [10.0.2.125] (home.evilcoder.org [195.64.94.120]) by caelis.elvandar.org (Postfix) with ESMTP id 29C38358C52; Sun, 21 Aug 2005 11:34:40 +0200 (CEST) Message-ID: <43084AE9.7020305@FreeBSD.org> Date: Sun, 21 Aug 2005 11:35:37 +0200 From: Remko Lodder User-Agent: Mozilla Thunderbird 1.0.5 (Macintosh/20050711) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Pat Maddox References: <810a540e05082101182e4e75fa@mail.gmail.com> In-Reply-To: <810a540e05082101182e4e75fa@mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by the elvandar.org maildomain X-Mailman-Approved-At: Sun, 21 Aug 2005 12:15:50 +0000 Cc: freebsd-security@freebsd.org, FreeBSD Questions Subject: Re: Security warning with sshd X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: remko@FreeBSD.org List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 21 Aug 2005 09:34:42 -0000 Pat Maddox wrote: > In my recent security email, I got the following errors: > cantona.dnswatchdog.com login failures: > Aug 20 02:37:19 cantona sshd[9444]: fatal: Write failed: Operation not permitted > Aug 20 04:30:42 cantona sshd[16142]: fatal: Write failed: Operation > not permitted > Aug 20 21:21:51 cantona sshd[45716]: fatal: Write failed: Operation > not permitted > > So three questions: What is it? Should I be worried? How can I fix it? > > Thanks, > Pat A couple of messages that i read when searching through google appear to indicate that it might rely on your firewall, bad packets that are not in state anymore and such and then gets blocked by your firewall. Could you provide some more details of events happening around the same time of the messages you posted here? Perhaps something else precedes the message which gives more information on what might have happened... Url with some information: http://lists.freebsd.org/pipermail/freebsd-pf/2005-August/001337.html (and related messages) Cheers, Remko -- Kind regards, Remko Lodder ** remko@elvandar.org FreeBSD ** remko@FreeBSD.org Reporter DSINET ** remko@DSINet.org