Date: Fri, 26 Feb 1999 18:44:17 -0600
From: Guy Helmer <ghelmer@scl.ameslab.gov>
To: Brian Handy <handy@lambic.physics.montana.edu>
Cc: hackers@freebsd.org
Subject: Re: unwanted packets in secure mode
Message-ID: <Pine.SGI.4.05.9902261828590.22677-100000@demios.scl.ameslab.gov>
In-Reply-To: <Pine.BSF.4.05.9902261636330.25751-100000@lambic.physics.montana.edu>

On Fri, 26 Feb 1999, Brian Handy wrote:

> Hey folks,
>
> I'm running syslogd in secure mode ("-s" option in rc.conf), and I got
> these messages today:
>
> Message from syslogd@lambic at Fri Feb 26 16:01:57 1999 ...
> lambic syslogd: discarded 1 unwanted packets in secure mode
>
> ....
>
> I discarded 8 packets, all told. I recognize I asked syslogd to discard
> these, and sure enough, if I look at the syslogd man page, that's what it
> says it's supposed to do.
>
> What's it doing? Any way to tell where these are coming from? Should I
> wonder about this?

Maybe the easiest way to find out where these packets are coming from would
be to use a kernel built with options IP_FIREWALL and IP_FIREWALL_VERBOSE,
turn on firewalling in /etc/rc.conf, and include a firewall rule (probably
in the rc.firewall client section) like

    $fwcmd add deny log udp from any to ${ip} 514

This would log the source info for all packets that try to get to udp port
514 on your system. Of course, you would probably have to adjust the
remaining firewall rules to allow your system to run normally :-)

Guy

Guy Helmer, Ph.D. Candidate, Iowa State University Dept. of Computer Science
Research Assistant, Ames Laboratory --- ghelmer@scl.ameslab.gov
Research Assistant, Dept. of Computer Science --- ghelmer@cs.iastate.edu
http://www.cs.iastate.edu/~ghelmer
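
Added example, not part of the original message or of FreeBSD: once a "deny log" rule for UDP port 514 like the one above is in place, a shell function such as this can tally which sources the kernel logged. The log-line layout is an assumption about IP_FIREWALL_VERBOSE output, and the rule number 1000, interface ed0 and the 192.0.2.x / 198.51.100.x addresses in the sample are constructed.

```sh
#!/bin/sh
# Tally source addresses of packets that an ipfw "deny log" rule recorded
# for UDP port 514 (syslog). Reads syslog-format lines on stdin.
# Assumed line layout:
#   <timestamp> <host> /kernel: ipfw: <rule> Deny UDP <src>:<sport> <dst>:514 in via <if>

tally_syslog_sources() {
    awk '
    {
        # Find the "ipfw:" tag; after it come rule, action, proto, src, dst.
        for (i = 1; i <= NF; i++) if ($i == "ipfw:") break
        if (i > NF - 5) next                  # not an ipfw line, or truncated
        if ($(i + 2) != "Deny" || $(i + 3) != "UDP") next
        src = $(i + 4); dst = $(i + 5)
        if (dst !~ /:514$/) next              # only packets aimed at syslog
        sub(/:[0-9]+$/, "", src)              # drop the source port
        count[src]++
    }
    END { for (s in count) printf "%d %s\n", count[s], s }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample input: three UDP/514 denials from two sources, plus
# one unrelated TCP denial and one syslogd message that must be ignored.
sample_log() {
    cat <<'EOF'
Feb 26 16:01:57 lambic /kernel: ipfw: 1000 Deny UDP 192.0.2.10:514 192.0.2.1:514 in via ed0
Feb 26 16:02:03 lambic /kernel: ipfw: 1000 Deny UDP 192.0.2.10:514 192.0.2.1:514 in via ed0
Feb 26 16:05:41 lambic /kernel: ipfw: 1000 Deny UDP 198.51.100.7:1031 192.0.2.1:514 in via ed0
Feb 26 16:06:12 lambic /kernel: ipfw: 2000 Deny TCP 198.51.100.7:1044 192.0.2.1:23 in via ed0
Feb 26 16:07:00 lambic syslogd: discarded 1 unwanted packets in secure mode
EOF
}

# Prints one "<count> <source address>" line per sender, busiest first.
sample_log | tally_syslog_sources
```

To use it on a real system, feed the function the file that syslog.conf sends kernel messages to instead of the sample.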