Date:      Sun, 12 Oct 2014 13:29:46 -0500
From:      "William A. Mahaffey III" <>
To:        "FreeBSD Questions !!!!" <>
Subject:   Re: syslog output ....
Message-ID:  <>
In-Reply-To: <>
References:  <> <>

On 10/12/14 12:04, Arthur Chance wrote:
> On 12/10/2014 16:13, William A. Mahaffey III wrote:
>> .... I did a 'pkg upgrade' a few days ago (Oct 8). Since then I have been
>> seeing messages like the following in my /var/log/messages file:
>> Oct 12 09:08:13 kabini1 kernel: TCP: []:43713 to
>> []:1839 tcpflags 0x2<SYN>; tcp_input: Connection attempt to
>> closed port
> [Lots snipped]
>> I did an nmap of this machine this A.M., right about 9:08, from
>>, so I think that's what prompted the output. I have done
>> that nmap in the past, w/ no such output in my messages file. What
>> changed so that I am now seeing it ? How can I trim it down such that it
>> ignores other boxen on my LAN ? Before the nmap, I had:
> Didn't we recently discuss turning on net.inet.tcp.log_in_vain? That's 
> the sort of output you get, and nmap will trigger it when hitting 
> unopen ports. The log_in_vain sysctls are all or nothing, AFAIK you 
> can't tell them to ignore some hosts/networks. Either don't nmap scan 
> the machine or turn off the logging during the scan if you don't want 
> to see it.

Yes, we did. I just wasn't clear on exactly what sort of output it would 
give. Thanks for the clarification :-).

>> Oct  9 03:03:05 kabini1 kernel: TCP: []:33651 to
>> []:113 tcpflags 0x2<SYN>; tcp_input: Connection attempt to
>> closed port
> [More snipped]
> That's the sort of thing I see on my machine. Port 113 is the ident 
> (aka auth) service. As the addresses are all your machine is 
> asking itself to identify who is responsible for network connections 
> to itself! If you can't work out what is causing it (I never could, 
> but didn't try very hard) you can shut it up by actually running an 
> auth service. Depending on what you feel like, either enable inetd and 
> uncomment one of the built in auth entries in /etc/inetd.conf, or 
> install one of net/hidentd (also needs inetd), net/widentd, 
> security/fakeident, security/oidentd or security/pidentd. That way 
> port 113 will be listening and responding.
>> apparently from cron jobs I have scheduled @ ~3:00 A.M. & ~4:00 A.M. on
>> the local machine, i.e. it squawks about stuff from both other LAN boxen
>> & from onboard jobs .... The output from the nmap is obviously
>> voluminous & washes other output out of quick view (tail -50
>> /var/log/messages). The other output will get annoying, since it is
>> harmless. I would like to hear from other machines not on my LAN,
>> however. Any advice appreciated. TIA ....


	William A. Mahaffey III


	"The M1 Garand is without doubt the finest implement of war
	 ever devised by man."
                            -- Gen. George S. Patton Jr.
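
Since the log_in_vain sysctls cannot exclude hosts or networks, one option is to filter when reading the log instead. The following is an added example, not part of the original thread: it parses the "Connection attempt to closed port" lines quoted above and keeps only sources outside loopback and the LAN. The LAN prefix 192.168.0.0/24 and all addresses in the sample lines are constructed assumptions.

```python
import ipaddress
import re

# Kernel line written when net.inet.tcp.log_in_vain is enabled, in the
# shape quoted in the thread: TCP: [src]:port to [dst]:port tcpflags ...
LINE_RE = re.compile(
    r"kernel: TCP: \[(?P<src>[^\]]+)\]:(?P<sport>\d+) to "
    r"\[(?P<dst>[^\]]+)\]:(?P<dport>\d+) tcpflags (?P<flags>\S+); "
    r"tcp_input: Connection attempt to closed port"
)

# Assumption: the LAN is 192.168.0.0/24; change this to the local prefix.
QUIET_NETS = [ipaddress.ip_network(n)
              for n in ("127.0.0.0/8", "::1/128", "192.168.0.0/24")]

# Constructed sample lines (addresses are made up for illustration).
TAIL = " tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port"
SAMPLE = [
    "Oct 12 09:08:13 kabini1 kernel: TCP: [192.168.0.27]:43713 to [192.168.0.10]:1839" + TAIL,
    "Oct  9 03:03:05 kabini1 kernel: TCP: [127.0.0.1]:33651 to [127.0.0.1]:113" + TAIL,
    "Oct 12 10:15:42 kabini1 kernel: TCP: [203.0.113.45]:51122 to [192.168.0.10]:23" + TAIL,
    "Oct 12 10:16:00 kabini1 sshd[812]: Server listening on 0.0.0.0 port 22.",
]


def external_attempts(lines, quiet_nets=QUIET_NETS):
    """Return (source address, destination port) for every closed-port
    attempt whose source lies outside all of quiet_nets."""
    hits = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a log_in_vain TCP line
        try:
            src = ipaddress.ip_address(m.group("src"))
        except ValueError:
            continue  # unparsable address field; skip it
        if any(src in net for net in quiet_nets):
            continue  # loopback or LAN source: suppress
        hits.append((str(src), int(m.group("dport"))))
    return hits


if __name__ == "__main__":
    for src, dport in external_attempts(SAMPLE):
        print(f"{src} -> closed port {dport}")
```

To run it against the real log, pass `open("/var/log/messages")` in place of `SAMPLE`.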
