Site Navigation

Date:      Wed, 15 Feb 2017 15:56:40 +0100
From:      Mark Martinec <Mark.Martinec+freebsd@ijs.si>
To:        freebsd-stable@freebsd.org
Cc:        Eric van Gyzen <vangyzen@freebsd.org>
Subject:   Re: net.inet.udp.log_in_vain strange syslog reports
Message-ID:  <318110819f687c06e6d412955bbac6b1@ijs.si>
In-Reply-To: <7dca33f9-e817-7d79-bddd-332e745a1c05@FreeBSD.org>
References:  <76681a24b7935674585b5ac585f4575c@ijs.si> <ab6cbfbb-83c3-e27d-0d26-50313f171bf0@FreeBSD.org> <667fa3e1dd8e7cebbf4566467a7987bf@ijs.si> <7dca33f9-e817-7d79-bddd-332e745a1c05@FreeBSD.org>

---

next in thread | previous in thread | raw e-mail | index | archive | help

---

2017-02-06 18:04, Eric van Gyzen wrote:

> On 02/06/2017 10:19, Mark Martinec wrote:
>> Hope the fix finds its way into 11.1 (or better yet, as a patch level
>> in 10.0).  Should I open a bug report?
> 
> It will quite likely get into 11.1.  As for a 10.x patch, you would 
> have
> to ask re@ (I think), but I doubt it.  These messages are really just
> informative and can't be used for any filtering, since the source
> address could be spoofed.

I meant to say 11.0-p*, but nevermind.


In a similar vein, I noticed also the following in our logs,
with net.inet.tcp.log_in_vain=1.

Looks like messages got concatenated somehow:

Jan 25 01:37:53 mildred kernel: TCP: [2607:ff10:c5:509a::10]:26459 to 
[2001:1470:ff80::80:16]:4911 tcpflags 0x2<SYN>; tcp_input: Connection 
attempt to closed TCP: [2607:ff10:c5:509a::10]:14898 to 
[2001:1470:ff80::80:16]:5222 tcpflags 0x2<SYN>; tcp_input: Connection 
attempt to closed port
Jan 25 23:55:09 mildred kernel: TCP: [2607:ff10:c5:509a::10]:58022 to 
[2001:1470:ff80::80:16]:9981 tcpflags 0x2<SYN>; tcp_input: Connection 
attempt to closed TCP: [2607:ff10:c5:509a::10]:34680 to 
[2001:1470:ff80::80:16]:10243 tcpflags 0x2<SYN>; tcp_input: Connection 
attempt to closedport
Jan 25 23:55:09 mildred kernel: TCP: [2607:ff10:c5:509a::10]:30991 to 
[2001:1470:ff80::80:16]:8554 tcpflags 0x2<SYN>; tcp_input: Connection 
attempt to closed TCP: [2607:ff10:c5:509a::10]:20012 to 
[2001:1470:ff80::80:16]:8443 tcpflags 0x2<SYN>; tcp_input: Connection 
attempt to closed port
Jan 25 23:55:09 mildred kernel: TCP: [2607:ff10:c5:509a::10]:14166 to 
[2001:1470:ff80::80:16]:6666 tcpflags 0x2<SYN>; tcp_input: Connection 
attempt to closed TCP: [2607:ff10:c5:509a::10]:34680 to 
[2001:1470:ff80::80:16]:8010 tcpflags 0x2<SYN>; tcp_input: Connection 
attempt to closed port
Jan 25 23:55:09 mildred kernel: TCP: [2607:ff10:c5:509a::10]:47957 to 
[2001:1470:ff80::80:16]:3460 tcpflags 0x2<SYN>; tcp_input: Connection 
attempt to closed TCP: [2607:ff10:c5:509a::10]:34680 to 
[2001:1470:ff80::80:16]:13579 tcpflags 0x2<SYN>; tcp_input: Connection 
attempt to closedport
Jan 25 23:55:09 mildred kernel: TCP: [2607:ff10:c5:509a::10]:20012 to 
[2001:1470:ff80::80:16]:9001 tcpflags 0x2<SYN>; tcp_input: Connection 
attempt to closed TCP: [2607:ff10:c5:509a::10]:30651 to 
[2001:1470:ff80::80:16]:9000 tcpflags 0x2<SYN>; tcp_input: Connection 
attempt to closed port
Jan 12 04:50:58 mildred kernel: TCP: [2607:ff10:c5:509a::1]:42266 to 
[2001:1470:ff80::80:16]:49153 tcpflags 0x2<SYN>; tcp_input: Connection 
attempt to closed TCP: [2607:ff10:c5:509a::1]:35372 to 
[2001:1470:ff80::80:16]:62078 tcpflags 0x2<SYN>; tcp_input: Connection 
attempt to closed port
Jan 18 03:01:59 mildred kernel: TCP: [2607:ff10:c5:509a::10]:58022 to 
[2001:1470:ff80::80:16]:9200 tcpflags 0x2<SYN>; tcp_input: Connection 
attempt to closed TCP: [2607:ff10:c5:509a::10]:46640 to 
[2001:1470:ff80::80:16]:8181 tcpflags 0x2<SYN>; tcp_input: Connection 
attempt to closed port
Jan 18 03:01:59 mildred kernel: TCP: [2607:ff10:c5:509a::10]:36877 to 
[2001:1470:ff80::80:16]:7218 tcpflags 0x2<SYN>; tcp_input: Connection 
attempt to closed TCP: [2607:ff10:c5:509a::10]:46640 to 
[2001:1470:ff80::80:16]:7071 tcpflags 0x2<SYN>; tcp_input: Connection 
attempt to closed port
Jan 18 03:01:59 mildred kernel: TCP: [2607:ff10:c5:509a::10]:30651 to 
[2001:1470:ff80::80:16]:9000 tcpflags 0x2<SYN>; tcp_input: Connection 
attempt to closed TCP: [2607:ff10:c5:509a::10]:36877 to 
[2001:1470:ff80::80:16]:2332 tcpflags 0x2<SYN>; tcp_input: Connection 
attempt to closed port
Jan 18 03:01:59 mildred kernel: TCP: [2607:ff10:c5:509a::10]:46640 to 
[2001:1470:ff80::80:16]:7548 tcpflags 0x2<SYN>; tcp_input: Connection 
attempt to closed TCP: [2607:ff10:c5:509a::10]:46640 to 
[2001:1470:ff80::80:16]:5986 tcpflags 0x2<SYN>; tcp_input: Connection 
attempt to closed port
Jan 19 02:52:34 mildred kernel: TCP: [2607:ff10:c5:509a::1]:42266 to 
[2001:1470:ff80::80:16]:49153 tcpflags 0x2<SYN>; tcp_input: Connection 
attempt to closed TCP: [2607:ff10:c5:509a::1]:35372 to 
[2001:1470:ff80::80:16]:62078 tcpflags 0x2<SYN>; tcp_input: Connection 
attempt to closed port
Jan 19 02:52:34 mildred kernel: TCP: [2607:ff10:c5:509a::1]:61788 to 
[2001:1470:ff80::80:16]:20000 tcpflags 0x2<SYN>; tcp_input: Connection 
attempt to closed TCP: [2607:ff10:c5:509a::1]:34680 to 
[2001:1470:ff80::80:16]:10243 tcpflags 0x2<SYN>; tcp_input: Connection 
attempt to closed port
Jan 19 02:52:34 mildred kernel: TCP: [2607:ff10:c5:509a::1]:41249 to 
[2001:1470:ff80::80:16]:44818 tcpflags 0x2<SYN>; tcp_input: Connection 
attempt to closed TCP: [2607:ff10:c5:509a::1]:49717 to 
[2001:1470:ff80::80:16]:8649 tcpflags 0x2<SYN>; tcp_input: Connection 
attempt to closed port
Jan 20 04:49:15 mildred kernel: TCP: [2607:ff10:c5:509a::1]:36877 to 
[2001:1470:ff80::143:1]:50100 tcpflags 0x2<SYN>; tcp_input: Connection 
attempt to closed TCP: [2607:ff10:c5:509a::1]:42266 to 
[2001:1470:ff80::143:1]:49153 tcpflags 0x2<SYN>; tcp_input: Connection 
attempt to closed port
Jan 20 10:03:52 mildred kernel: TCP: [2607:ff10:c5:509a::10]:31430 to 
[2001:1470:ff80::143:1]:8099 tcpflags 0x2<SYN>; tcp_input: Connection 
attempt to closed TCP: [2607:ff10:c5:509a::10]:46640 to 
[2001:1470:ff80::143:1]:9943 tcpflags 0x2<SYN>; tcp_input: Connection 
attempt to closed port
Jan 20 10:03:52 mildred kernel: TCP: [2607:ff10:c5:509a::10]:9696 to 
[2001:1470:ff80::143:1]:16010 tcpflags 0x2<SYN>; tcp_input: Connection 
attempt to closed TCP: [2607:ff10:c5:509a::10]:34680 to 
[2001:1470:ff80::143:1]:25105 tcpflags 0x2<SYN>; tcp_input: Connection 
attempt to closedport
Jan 20 10:03:52 mildred kernel: TCP: [2607:ff10:c5:509a::10]:34680 to 
[2001:1470:ff80::143:1]:4040 tcpflags 0x2<SYN>; tcp_input: Connection 
attempt to closed TCP: [2607:ff10:c5:509a::10]:23668 to 
[2001:1470:ff80::143:1]:5577 tcpflags 0x2<SYN>; tcp_input: Connection 
attempt to closed port
Jan 20 10:03:52 mildred kernel: TCP: [2607:ff10:c5:509a::10]:1940 to 
[2001:1470:ff80::143:1]:49152 tcpflags 0x2<SYN>; tcp_input: Connection 
attempt to closed TCP: [2607:ff10:c5:509a::10]:6440 to 
[2001:1470:ff80::143:1]:5672 tcpflags 0x2<SYN>; tcp_input: Connection 
attempt to closed pport

   Mark

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?318110819f687c06e6d412955bbac6b1>

Legal Notices | © 1995-2024 The FreeBSD Project. All rights reserved.

Contact