logging with firehol

To: Debian-firewall <debian-firewall@lists.debian.org>
Subject: logging with firehol
From: Jonas Meurer <jonas@freesources.org>
Date: Fri, 28 May 2004 17:59:23 +0200
Message-id: <[🔎] 20040528155923.GC2693@resivo.mejo.net>
Mail-followup-to: Debian-firewall <debian-firewall@lists.debian.org>

hi,

with a running and working firehol firewall, I still
get these messages in syslog:

May 28 17:51:06 diana50 kernel: IN-interface1:IN=eth0 OUT= MAC=00:50:fc:e4:e4:d4:00:90:69:cd:d4:1f:08:00 SRC=62.99.78.133 DST=62.75.129.11 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=46176 DF PROTO=TCP SPT=3372 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0
May 28 17:51:07 diana50 kernel: IN-interface1:IN=eth0 OUT= MAC=00:50:fc:e4:e4:d4:00:90:69:cd:d4:1f:08:00 SRC=213.10.237.114 DST=62.75.129.11 LEN=48 TOS=0x00 PREC=0x00 TTL=121 ID=22801 DF PROTO=TCP SPT=3934 DPT=5554 WINDOW=16384 RES=0x00 SYN URGP=0
May 28 17:51:08 diana50 kernel: IN-interface1:IN=eth0 OUT= MAC=00:50:fc:e4:e4:d4:00:90:69:cd:d4:1f:08:00 SRC=213.10.237.114 DST=62.75.129.11 LEN=48 TOS=0x00 PREC=0x00 TTL=121 ID=23315 DF PROTO=TCP SPT=4192 DPT=9898 WINDOW=16384 RES=0x00 SYN URGP=29184

in my eyes this looks like some tiny people (62.99.78.133
and 213.10.237.114) requested something on my server
diana50 (62.75.129.11) over TCP, but on which port?

Why is this in syslog? If it's only about a connection that went through
an open port, how can i turn this off?

if it's a request trial that was rejected, why do I get this that often?

bye
 jonas

Reply to:

Follow-Ups:
- Re: logging with firehol
  - From: strawks <strawks@yahoo.fr>
- Re: logging with firehol
  - From: Gian Piero Carrubba <gpcarrubba@libero.it>
- Re: logging with firehol
  - From: Christian Schuerer <csw@xray.at>
- Re: logging with firehol
  - From: Christian Schuerer-Waldheim <christian@schuerer-waldheim.at>

Prev by Date: Alerte d'eSafe
Next by Date: Re: logging with firehol
Previous by thread: Alerte d'eSafe
Next by thread: Re: logging with firehol
Index(es):
- Date
- Thread