From owner-freebsd-questions@FreeBSD.ORG Sun Oct 12 15:06:53 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 5DBE3569 for ; Sun, 12 Oct 2014 15:06:53 +0000 (UTC) Received: from fly.hiwaay.net (fly.hiwaay.net [216.180.54.1]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 27940171 for ; Sun, 12 Oct 2014 15:06:52 +0000 (UTC) Received: from kabini1.local (rbn1-216-180-19-73.adsl.hiwaay.net [216.180.19.73]) (authenticated bits=0) by fly.hiwaay.net (8.13.8/8.13.8/fly) with ESMTP id s9CF6oNK030973 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO) for ; Sun, 12 Oct 2014 10:06:51 -0500 Message-ID: <543A9A81.5080403@hiwaay.net> Date: Sun, 12 Oct 2014 10:13:05 -0500 From: "William A. Mahaffey III" User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:31.0) Gecko/20100101 Thunderbird/31.1.2 MIME-Version: 1.0 To: "FreeBSD Questions !!!!" Subject: syslog output .... Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 12 Oct 2014 15:06:53 -0000 .... I did a 'pkg upgrade a few days ago (Oct 8). Since then I have been seeing messages like the following in my /var/log/messages file: Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to [192.168.0.27]:1839 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to [192.168.0.27]:2196 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to [192.168.0.27]:1272 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to [192.168.0.27]:57294 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to [192.168.0.27]:1001 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to [192.168.0.27]:4998 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to [192.168.0.27]:2135 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to [192.168.0.27]:1248 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to [192.168.0.27]:3006 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to [192.168.0.27]:1666 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to [192.168.0.27]:1862 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to [192.168.0.27]:5555 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to [192.168.0.27]:7911 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to [192.168.0.27]:8087 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to [192.168.0.27]:544 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to [192.168.0.27]:56738 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to [192.168.0.27]:8180 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to [192.168.0.27]:15000 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to [192.168.0.27]:8011 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to [192.168.0.27]:1805 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to [192.168.0.27]:27356 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to [192.168.0.27]:49175 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to [192.168.0.27]:9009 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to [192.168.0.27]:2002 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to [192.168.0.27]:51493 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to [192.168.0.27]:65389 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to [192.168.0.27]:1026 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to [192.168.0.27]:6001 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to [192.168.0.27]:2200 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to [192.168.0.27]:6101 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to [192.168.0.27]:1058 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to [192.168.0.27]:406 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to [192.168.0.27]:1322 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to [192.168.0.27]:10001 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to [192.168.0.27]:787 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to [192.168.0.27]:2030 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to [192.168.0.27]:8085 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to [192.168.0.27]:6502 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to [192.168.0.27]:41511 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to [192.168.0.27]:3030 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to [192.168.0.27]:49167 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to [192.168.0.27]:7435 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to [192.168.0.27]:7778 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to [192.168.0.27]:1011 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to [192.168.0.27]:1152 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to [192.168.0.27]:1717 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.9]:43713 to [192.168.0.27]:2301 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 12 09:08:21 kabini1 kernel: TCP: [192.168.0.9]:43860 to [192.168.0.27]:1 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 12 09:08:23 kabini1 kernel: TCP: [192.168.0.9]:43860 to [192.168.0.27]:1 tcpflags 0x2; tcp_input: Connection attempt to closed port I did an nmap of this machine this A.M., right about 9:08, from 192.168.0.9, so I think that's what prompted the output. I have done that nmap in the past, w/ no such output in my messages file. What changed so that I am now seeing it ? How can I trim it down such that it ignores other boxen on my LAN ? Before the nmap, I had: Oct 9 03:03:05 kabini1 kernel: TCP: [127.0.0.1]:33651 to [127.0.0.1]:113 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 9 03:03:35 kabini1 kernel: TCP: [127.0.0.1]:46424 to [127.0.0.1]:113 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 9 04:31:02 kabini1 kernel: TCP: [127.0.0.1]:39302 to [127.0.0.1]:113 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 9 04:55:09 kabini1 kernel: TCP: [127.0.0.1]:35438 to [127.0.0.1]:113 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 10 03:03:06 kabini1 kernel: TCP: [127.0.0.1]:42452 to [127.0.0.1]:113 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 10 03:03:36 kabini1 kernel: TCP: [127.0.0.1]:35490 to [127.0.0.1]:113 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 10 04:31:03 kabini1 kernel: TCP: [127.0.0.1]:10883 to [127.0.0.1]:113 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 10 04:55:09 kabini1 kernel: TCP: [127.0.0.1]:29976 to [127.0.0.1]:113 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 11 03:03:04 kabini1 kernel: TCP: [127.0.0.1]:31176 to [127.0.0.1]:113 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 11 03:03:34 kabini1 kernel: TCP: [127.0.0.1]:58845 to [127.0.0.1]:113 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 11 04:15:22 kabini1 kernel: TCP: [127.0.0.1]:53631 to [127.0.0.1]:113 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 11 04:31:02 kabini1 kernel: TCP: [127.0.0.1]:57289 to [127.0.0.1]:113 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 11 04:55:03 kabini1 kernel: TCP: [127.0.0.1]:64800 to [127.0.0.1]:113 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 12 03:03:07 kabini1 kernel: TCP: [127.0.0.1]:31921 to [127.0.0.1]:113 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 12 03:03:37 kabini1 kernel: TCP: [127.0.0.1]:12746 to [127.0.0.1]:113 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 12 04:31:02 kabini1 kernel: TCP: [127.0.0.1]:65525 to [127.0.0.1]:113 tcpflags 0x2; tcp_input: Connection attempt to closed port Oct 12 04:55:03 kabini1 kernel: TCP: [127.0.0.1]:40810 to [127.0.0.1]:113 tcpflags 0x2; tcp_input: Connection attempt to closed port apparently from cron jobs I have scheduled @ ~3:00 A.M. & ~4:00 A.M. on the local machine, i.e. it squawks about stuff from both other LAN boxen & from onboard jobs .... The output from the nmap is obviously voluminous & washes other output out of quick view (tail -50 /var/log/messages). The other output will get annoying, since it is harmless. I would like to hear from other machines not on my LAN, however. Any advice appreciated. TIA .... -- William A. Mahaffey III ---------------------------------------------------------------------- "The M1 Garand is without doubt the finest implement of war ever devised by man." -- Gen. George S. Patton Jr.