Date:      Fri, 23 Jan 2004 09:39:21 -0500
From:      "fbsd_user" <fbsd_user@a1poweruser.com>
To:        "Didier WIROTH" <didier.wiroth@mcesr.etat.lu>, <freebsd-questions@freebsd.org>
Subject:   RE: log_in_vain="YES"
Message-ID:  <MIEPLLIBMLEEABPDBIEGEENOFFAA.fbsd_user@a1poweruser.com>
In-Reply-To: <0HRY00B254QJOX@mail.etat.lu>

Your problem conclusion sounds logical to me.
I run postfix and a firewall with the log_in_vain option
on my gateway system and do not get what you have.
I cannot help you in verifying the problem.
It's not really a bug, just an uncommon mix of
system configuration options.
Sendmail is functioning normally and so is log_in_vain.
Since you have a firewall upstream, you really have no
need for the log_in_vain option.



-----Original Message-----
From: owner-freebsd-questions@freebsd.org
[mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Didier WIROTH
Sent: Friday, January 23, 2004 9:11 AM
To: freebsd-questions@freebsd.org
Subject: RE: log_in_vain="YES"

Thanks for answering.

No, actually I don't think someone is spoofing. There is a firewall
(other machine, actually) blocking any kind of incoming & outgoing
127. addresses.
So I don't think (at this time) that this is the problem.

What I meant with cron is that there are daily reports that are being
sent via sendmail.
I've this sendmail option in rc.conf: sendmail_enable="NO".
Sendmail is only listening on localhost.

I assume that my freebsd host sends an auth command to 127.0.0.1
because a sendmail connection is being tried from 127.0.0.1.
The samples of my 127.0.0.1 entries correspond exactly to the time
that the daily reports arrive.

Perhaps someone could confirm this?





-----Original Message-----
From: fbsd_user [mailto:fbsd_user@a1poweruser.com]
Sent: vendredi 23 janvier 2004 14:17
To: Didier WIROTH; freebsd-questions@freebsd.org
Subject: RE: log_in_vain="YES"

If this is happening while your system is connected to the public
internet then your system is under attack by somebody who is spoofing
IP address 127.0.0.1.  Port 113 is the ident protocol.
There is no reason for the cron jobs to be doing that. You should
power off your system when not in use, at least until you install a
firewall software solution.

You really need a firewall, and should use IPFILTER as its stateful
keep-state rules function works correctly. FBSD's ipfw stateful rules
are broken when used with ipfw's divert/natd function.
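
An added example, not part of the original thread or of FreeBSD itself: a Python script that sorts log_in_vain kernel messages by whether both endpoints are loopback, which is the distinction the thread turns on (local ident lookups on port 113 versus traffic arriving from other hosts). The sample log lines, the hostname `gw`, and the category names are constructed for illustration, and the "Connection attempt to TCP/UDP ..." message format is an assumption about what the kernel logs.

```python
import ipaddress
import re
from collections import Counter

# Assumed format of the kernel message written when log_in_vain is enabled.
LINE_RE = re.compile(
    r"Connection attempt to (?P<proto>TCP|UDP) "
    r"(?P<dst>[0-9.]+):(?P<dport>\d+) from (?P<src>[0-9.]+):(?P<sport>\d+)"
)

# Constructed sample input (not taken from the thread).
SAMPLE_LOG = """\
Jan 23 03:01:07 gw /kernel: Connection attempt to TCP 127.0.0.1:113 from 127.0.0.1:1045 flags:0x02
Jan 23 03:01:09 gw /kernel: Connection attempt to TCP 127.0.0.1:113 from 127.0.0.1:1046 flags:0x02
Jan 23 04:12:30 gw /kernel: Connection attempt to TCP 192.0.2.10:113 from 198.51.100.7:40112 flags:0x02
Jan 23 04:15:02 gw /kernel: Connection attempt to UDP 192.0.2.10:137 from 198.51.100.9:137
Jan 23 05:00:00 gw sendmail[311]: unrelated line
"""

def classify(line):
    """Return (category, fields) for a log_in_vain line, or None if not one."""
    m = LINE_RE.search(line)
    if not m:
        return None
    try:
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
    except ValueError:
        return None  # malformed address, skip the line
    if src.is_loopback and dst.is_loopback:
        # Both ends are this host: a local program tried a closed local port.
        # Port 113 matches the ident lookups the thread attributes to sendmail.
        cat = "local-ident" if m["dport"] == "113" else "local-other"
    elif src.is_loopback or dst.is_loopback:
        # Loopback on only one side should not occur: investigate.
        cat = "mixed-loopback"
    else:
        cat = "remote"
    return cat, m.groupdict()

def summarize(text):
    """Count log_in_vain entries per category."""
    counts = Counter()
    for line in text.splitlines():
        result = classify(line)
        if result:
            counts[result[0]] += 1
    return dict(counts)

if __name__ == "__main__":
    for cat, n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{cat}: {n}")
```

Comparing the timestamps of the `local-ident` entries with the time the daily reports are mailed is the check the thread asks someone to confirm.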
