Date: Fri, 19 Oct 2007 14:06:35 +1000 (EST)
From: Ian Smith <smithi@nimnet.asn.au>
To: Nikos Vassiliadis <nvass@teledomenet.gr>
Cc: "Michael K. Smith - Adhost" <mksmith@adhost.com>, freebsd-questions@freebsd.org
Subject: Re: Odd PF Denied Message
Message-ID: <Pine.BSF.3.96.1071019132823.23569A-100000@gaia.nimnet.asn.au>
In-Reply-To: <20071018182512.ABD2B16A4F0@hub.freebsd.org>
On Thu, 18 Oct 2007 19:36:27 +0300 Nikos Vassiliadis wrote:

> On Thursday 18 October 2007 18:39:56 Michael K. Smith - Adhost wrote:
> > Thank you for the clue! We are using log in vain as part of our
> > security logging for this particular box, but this is the only message
> > I've ever seen so I'm not sure it's really needed.
>
> It must be a local program trying to connect to ident.

Yes, quite likely sendmail sending daily etc reports? You can either run a (real or fake) ident daemon (see inetd.conf), or have the firewall reset (not drop) such connections, avoiding sendmail(ono) delays waiting for a response. If running a mailserver, this applies to outside too.

> Probably nothing to worry about. I would check which is
> this program though. If that's the only message you get
> you must be protected, at least packet_filtering-wise.
>
> I think log_in_vain can be used when configuring a firewall.
> Just to see quickly if your firewall works as expected and
> then turn it off. Otherwise it is just going to create tons
> of irrelevant log messages.

On the contrary .. if your firewall is working correctly, you shouldn't ever be seeing connection attempts to non-listening ports, especially from outside. log_in_vain messages indicate some attention is needed, either to block or reset those connections, or to provide a listener :) so removing log_in_vain (shooting the messenger) may not be a good idea.

Cheers, Ian
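The settings the reply above refers to, side by side, as an added illustration that is not part of the thread: the sysctl that produces the log_in_vain message, the fake ident listener in inetd.conf, and a PF rule that answers ident (TCP port 113, "auth" in /etc/services) with a reset instead of a silent drop. The rule text is the editor's; only the inetd line is FreeBSD's own shipped default.

```conf
# /etc/sysctl.conf -- the knob that generates the "Connection attempt to
# TCP ..." kernel messages for SYNs arriving at ports with no listener.
net.inet.tcp.log_in_vain=1

# /etc/inetd.conf -- option 1 from the reply: provide an ident listener.
# This is the line FreeBSD ships commented out; inetd's built-in "auth"
# service answers ident queries itself (-o UNKNOWN replaces the reported
# OS name, -t 30 bounds each lookup to 30 seconds; see inetd(8) for the
# remaining flags).
auth    stream  tcp     nowait  root    internal        auth -r -f -n -o UNKNOWN -t 30

# /etc/pf.conf -- option 2 from the reply: reset rather than drop.
# Use one of the two rules below, not both (both are 'quick').
#
# Weak: silent drop. The remote MTA's (or the local sendmail's) ident
# client sees nothing and waits out its own timeout before the mail
# session proceeds.
block drop in log quick proto tcp from any to any port auth

# Better: answer with a TCP RST so the ident client fails immediately.
# Either rule keeps the SYN out of tcp_input, so log_in_vain no longer
# fires for this port; the difference is only what the peer experiences.
# 'log' keeps PF's own record of each attempt in pflog.
block return-rst in log quick proto tcp from any to any port auth

# Note: a 'set skip on lo0' line earlier in pf.conf exempts loopback, so a
# local program's ident attempt would then still reach tcp_input and be
# reported by log_in_vain rather than reset by PF.
```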