Kernel log messages

From: Erwan Breton (breton@cri.ensmp.fr)
Date: 12/14/02

• Next message: Peter Pentchev: "Re: Kernel log messages"
• Previous message: Kirk Bailey: "subscribe"
• Next in thread: Peter Pentchev: "Re: Kernel log messages"
• Reply: Peter Pentchev: "Re: Kernel log messages"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: Erwan Breton <breton@cri.ensmp.fr>
To: freebsd-security@freebsd.org
Date: Sat, 14 Dec 2002 12:14:42 +0100

Hi,

  Since i have activate the firewall on my Box, I have many kernel log
messages in my security check output every night. the problem is, idon't see
anymore interessant messages like bad login.

athena kernel log messages:
> <110>ipfw: 600 Deny TCP 80.14.195.215:3795 10.255.255.250:4661 out via tun0
> ipfw: 800 Deny TCP 80.14.195.215:3801 192.168.10.210:4661 out via tun0
> ipfw: 800 Deny TCP 80.14.195.215:3810 192.168.1.77:4661 out via tun0
> ipfw: 1600 Deny ICMP:3.3 192.168.1.2 80.14.195.215 in via tun0
> ipfw: 4000 Deny TCP 80.105.241.117:62104 80.14.195.215:139 in via tun0
> ipfw: 4000 Deny TCP 80.105.241.117:62104 80.14.195.215:139 in via tun0
> ipfw: 4000 Deny TCP 80.105.241.117:62104 80.14.195.215:139 in via tun0
> ipfw: 4000 Deny TCP 80.105.241.117:62104 80.14.195.215:139 in via tun0
> ipfw: 800 Deny TCP 80.14.195.215:4191 192.168.17.200:4661 out via tun0
> ipfw: 800 Deny TCP 80.14.195.215:4193 192.168.100.99:4661 out via tun0
> ipfw: 700 Deny TCP 80.14.195.215:4198 172.16.1.50:4661 out via tun0
> ipfw: 800 Deny TCP 80.14.195.215:4217 192.168.19.1:4661 out via tun0
> ipfw: 800 Deny TCP 80.14.195.215:4222 192.168.99.1:4661 out via tun0
> ipfw: 800 Deny TCP 80.14.195.215:4227 192.168.200.107:4661 out via tun0
> ipfw: 800 Deny TCP 80.14.195.215:4234 192.168.0.23:4661 out via tun0
> ipfw: 600 Deny TCP 80.14.195.215:4236 10.1.251.1:4661 out via tun0
> ipfw: 800 Deny TCP 80.14.195.215:4242 192.168.1.6:4661 out via tun0
> Etc .. etc .. etc ...

main# uname -a
FreeBSD 4.7-STABLE #10: Thu Nov 28 19:00:13 CET 2002
I just active firewall (i think :o) )

If u need more conf (like syslog.conf) tell it.

Thanks for ideas and answers.

--
R1 Bzh!!!
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

---

• Next message: Peter Pentchev: "Re: Kernel log messages"
• Previous message: Kirk Bailey: "subscribe"
• Next in thread: Peter Pentchev: "Re: Kernel log messages"
• Reply: Peter Pentchev: "Re: Kernel log messages"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages [REVS] Bypassing Client Application Protection Techniques ... Get your security news from a reliable source. ... protection programs. ... * Kerio Personal Firewall 4.0 ... And we got actually nothing in the field of client application ... (Securiteam) Re: Recycler security issues on IIS server ... > latest upates to the server. ... > like to see the server put behind our firewall, ... other software, install all patches, IISlockdown, URLscan, use the correct ... the procedures you follow may vary depending on your security needs. ... (microsoft.public.inetserver.iis.security) Why hasnt Symantec addressed nastier Messenger spoofs ... Norton / Symantec has been silent on whether Norton Internet Security ... DSL firewall will stop these kinds of pop-ups. ... major ISPs and broadband systems. ... (comp.security.misc) Re:RE : suggestions on a good firewall ... Subject: RE: suggestions on a good firewall ... CheckPoint does! ... with a url-filtering server. ... IT Technical Security Officer ... (Security-Basics) Re: What is the Pattern here ? ... These are all Dialup Connections that I had no connection with at the time. ... It's obviously an enormous security hole, ... > and a real firewall box. ... (comp.security.firewalls)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > FreeBSD-Security  > 2002-12