Kernel log output meaning
Illia Baidakov
illich at newchem.ru
Wed Feb 11 00:49:41 PST 2004
Hello security,
This output I've received from a conventional cron daily job:
[...]
gw.nbh.ru kernel log messages:
> Limiting closed port RST response from 201 to 200 packets per second
[...]
where fxp0 is an external interface.
What could cause such messages?
In /var/log/messages, the above strings were preceded by this string:
Feb 10 13:24:29 gw /kernel: ipfw: limit 100 reached on entry 10800
The current ipfw #10800 entry says:
10800 1204 52976 deny log logamount 100 ip from any to 172.16.0.0/12 via fxp0
/var/log/security at this time shows many strings looking like this:
Feb 10 13:24:29 gw /kernel: ipfw: 10800 Deny TCP 11.22.33.44:1376 172.29.249.249:7 out via fxp0
11.22.33.44 is my fxp0 iface address.
I do not think I have tried to initiate such connections purposely.
Possibly by playing with spamassassin?..
Remember, I had a failed attempt to download its source from its website
somewhere at that time. (The second downloading attempt
succeeded.)
--
Thanks in advance,
Illia Baidakov.
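
Added example, not part of the original post: a small parser for ipfw log lines in the /var/log/security format quoted above, which tallies denied outbound TCP/UDP packets to private destinations so the traffic can be traced to a destination and port. The function name summarize and the sample lines are assumptions constructed for illustration; log lines without ports (such as ICMP) are not handled.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the /var/log/security format quoted in the post.
SAMPLE_LOG = """\
Feb 10 13:24:28 gw /kernel: ipfw: 10800 Deny TCP 11.22.33.44:1375 172.29.249.249:7 out via fxp0
Feb 10 13:24:29 gw /kernel: ipfw: 10800 Deny TCP 11.22.33.44:1376 172.29.249.249:7 out via fxp0
Feb 10 13:24:29 gw /kernel: ipfw: 10800 Deny UDP 11.22.33.44:1024 172.16.5.1:53 out via fxp0
Feb 10 13:24:29 gw /kernel: ipfw: limit 100 reached on entry 10800
Feb 10 13:24:30 gw /kernel: ipfw: 10900 Deny TCP 198.51.100.7:4000 11.22.33.44:135 in via fxp0
"""

PACKET_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)
LIMIT_RE = re.compile(r"ipfw: limit (?P<limit>\d+) reached on entry (?P<rule>\d+)")


def summarize(log_text, iface="fxp0"):
    """Tally denied outbound packets to private destinations on iface.

    Returns (counts, capped_rules): counts maps (rule, proto, dst, dport) to
    the number of logged packets; capped_rules holds rules whose logamount
    limit was hit, so their counts are only a lower bound.
    """
    counts, capped = Counter(), set()
    for line in log_text.splitlines():
        m = LIMIT_RE.search(line)
        if m:
            capped.add(int(m["rule"]))
            continue
        m = PACKET_RE.search(line)
        if not m or m["action"] != "Deny" or m["dir"] != "out" or m["iface"] != iface:
            continue
        if ipaddress.ip_address(m["dst"]).is_private:
            counts[(int(m["rule"]), m["proto"], m["dst"], int(m["dport"]))] += 1
    return counts, capped


if __name__ == "__main__":
    counts, capped = summarize(SAMPLE_LOG)
    for (rule, proto, dst, dport), n in counts.most_common():
        note = " (lower bound: log limit reached)" if rule in capped else ""
        print(f"rule {rule}: {n} x {proto} -> {dst}:{dport}{note}")
```

The rule listing in the post shows a packet count of 1204 against logamount 100, which is why a tally taken from the log is only a lower bound once the "limit reached" line appears.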
More information about the freebsd-security
mailing list