From: Erwan Breton
To: freebsd-security@freebsd.org
Subject: Kernel log messages
Date: Sat, 14 Dec 2002 12:14:42 +0100
Message-Id: <200212141214.42931.breton@cri.ensmp.fr>

Hi,

Since I have activated the firewall on my box, I have many kernel log
messages in my security check output every night. The problem is, I don't
see interesting messages like bad logins anymore.

athena kernel log messages:
> <110>ipfw: 600 Deny TCP 80.14.195.215:3795 10.255.255.250:4661 out via tun0
> ipfw: 800 Deny TCP 80.14.195.215:3801 192.168.10.210:4661 out via tun0
> ipfw: 800 Deny TCP 80.14.195.215:3810 192.168.1.77:4661 out via tun0
> ipfw: 1600 Deny ICMP:3.3 192.168.1.2 80.14.195.215 in via tun0
> ipfw: 4000 Deny TCP 80.105.241.117:62104 80.14.195.215:139 in via tun0
> ipfw: 4000 Deny TCP 80.105.241.117:62104 80.14.195.215:139 in via tun0
> ipfw: 4000 Deny TCP 80.105.241.117:62104 80.14.195.215:139 in via tun0
> ipfw: 4000 Deny TCP 80.105.241.117:62104 80.14.195.215:139 in via tun0
> ipfw: 800 Deny TCP 80.14.195.215:4191 192.168.17.200:4661 out via tun0
> ipfw: 800 Deny TCP 80.14.195.215:4193 192.168.100.99:4661 out via tun0
> ipfw: 700 Deny TCP 80.14.195.215:4198 172.16.1.50:4661 out via tun0
> ipfw: 800 Deny TCP 80.14.195.215:4217 192.168.19.1:4661 out via tun0
> ipfw: 800 Deny TCP 80.14.195.215:4222 192.168.99.1:4661 out via tun0
> ipfw: 800 Deny TCP 80.14.195.215:4227 192.168.200.107:4661 out via tun0
> ipfw: 800 Deny TCP 80.14.195.215:4234 192.168.0.23:4661 out via tun0
> ipfw: 600 Deny TCP 80.14.195.215:4236 10.1.251.1:4661 out via tun0
> ipfw: 800 Deny TCP 80.14.195.215:4242 192.168.1.6:4661 out via tun0
> Etc .. etc .. etc ...

main# uname -a
FreeBSD 4.7-STABLE #10: Thu Nov 28 19:00:13 CET 2002

I just activated the firewall (I think :o) ). If you need more conf (like
syslog.conf), tell me.

Thanks for ideas and answers.

--
R1
Bzh!!!
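Added example, not part of the original post: one way to keep ipfw deny lines like those above from burying other kernel messages is to collapse them into per-rule counts and pass every non-ipfw line through unchanged. The function names and the example-daemon line are constructed for illustration; the log format is taken from the lines quoted in the post.

```python
import re
from collections import Counter

# ipfw log line as it appears in the post (IPv4 endpoints only):
#   [> ][<pri>]ipfw: RULE ACTION PROTO SRC DST in|out via IFACE
IPFW_RE = re.compile(
    r"^(?:>\s*)?(?:<\d+>)?ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\S+) "
    r"(?P<src>\S+) (?P<dst>\S+) (?P<dir>in|out) via (?P<iface>\S+)\s*$"
)

def split_port(endpoint):
    """'1.2.3.4:139' -> ('1.2.3.4', '139'); ICMP endpoints carry no port."""
    host, sep, port = endpoint.partition(":")
    return host, (port if sep else "-")

def summarize(lines):
    """Collapse ipfw lines into counts; return (counts, other_lines)."""
    counts, other = Counter(), []
    for line in lines:
        m = IPFW_RE.match(line.strip())
        if not m:
            if line.strip():
                other.append(line.rstrip("\n"))  # keep non-firewall lines verbatim
            continue
        _, dport = split_port(m["dst"])
        key = (m["rule"], m["action"], m["proto"], m["dir"], m["iface"], dport)
        counts[key] += 1
    return counts, other

def report(lines):
    """One line per (rule, action, proto, direction, iface, dport), then the rest."""
    counts, other = summarize(lines)
    out = [f"{n:5d}x rule {r} {a} {p} {d} via {i} dport {dp}"
           for (r, a, p, d, i, dp), n in counts.most_common()]
    return out + ["-- non-ipfw kernel messages --"] + other

# Constructed sample: five lines copied from the post plus one made-up
# non-firewall message to show that it survives the summary.
SAMPLE = """\
> <110>ipfw: 600 Deny TCP 80.14.195.215:3795 10.255.255.250:4661 out via tun0
> ipfw: 800 Deny TCP 80.14.195.215:3801 192.168.10.210:4661 out via tun0
> ipfw: 800 Deny TCP 80.14.195.215:3810 192.168.1.77:4661 out via tun0
> ipfw: 1600 Deny ICMP:3.3 192.168.1.2 80.14.195.215 in via tun0
> ipfw: 4000 Deny TCP 80.105.241.117:62104 80.14.195.215:139 in via tun0
> example-daemon: constructed non-firewall message
""".splitlines()

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

Grouping by destination port rather than by full address pair keeps the repeated outbound attempts to port 4661 on one line per rule while the inbound port 139 probe and the ICMP line stay separately visible.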