Hi, 62.99.78.133 tries to connect on port 445 and 213.10.237 tries to connect on port 5554 and 9898. These connections are blocked by the firewall and that's why they are logged in syslog, but I don't why you got this often. strawks On Fri, 2004-05-28 at 17:59, Jonas Meurer wrote: > hi, > > with a running and working firehol firewall, I still > get these messages in syslog: > > May 28 17:51:06 diana50 kernel: IN-interface1:IN=eth0 OUT= MAC=00:50:fc:e4:e4:d4:00:90:69:cd:d4:1f:08:00 SRC=62.99.78.133 DST=62.75.129.11 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=46176 DF PROTO=TCP SPT=3372 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0 > May 28 17:51:07 diana50 kernel: IN-interface1:IN=eth0 OUT= MAC=00:50:fc:e4:e4:d4:00:90:69:cd:d4:1f:08:00 SRC=213.10.237.114 DST=62.75.129.11 LEN=48 TOS=0x00 PREC=0x00 TTL=121 ID=22801 DF PROTO=TCP SPT=3934 DPT=5554 WINDOW=16384 RES=0x00 SYN URGP=0 > May 28 17:51:08 diana50 kernel: IN-interface1:IN=eth0 OUT= MAC=00:50:fc:e4:e4:d4:00:90:69:cd:d4:1f:08:00 SRC=213.10.237.114 DST=62.75.129.11 LEN=48 TOS=0x00 PREC=0x00 TTL=121 ID=23315 DF PROTO=TCP SPT=4192 DPT=9898 WINDOW=16384 RES=0x00 SYN URGP=29184 > > in my eyes this looks like some tiny people (62.99.78.133 > and 213.10.237.114) requested something on my server > diana50 (62.75.129.11) over TCP, but on which port? > > Why is this in syslog? If it's only about a connection that went through > an open port, how can i turn this off? > > if it's a request trial that was rejected, why do I get this that often? > > bye > jonas >
Attachment:
signature.asc
Description: This is a digitally signed message part