Re: logging with firehol

To: Debian-firewall <debian-firewall@lists.debian.org>
Subject: Re: logging with firehol
From: Gian Piero Carrubba <gpcarrubba@libero.it>
Date: Fri, 28 May 2004 18:51:22 +0200
Message-id: <[🔎] 1085763082.26283.15.camel@localhost>
In-reply-to: <[🔎] 20040528155923.GC2693@resivo.mejo.net>
References: <[🔎] 20040528155923.GC2693@resivo.mejo.net>

Il ven, 2004-05-28 alle 17:59, Jonas Meurer ha scritto:
[...]
> in my eyes this looks like some tiny people (62.99.78.133
> and 213.10.237.114) requested something on my server
> diana50 (62.75.129.11) over TCP, but on which port?

SPT=$source_port
DPT=$destination_port

> Why is this in syslog? If it's only about a connection that went through
> an open port, how can i turn this off?

You have some iptables rule with target -j LOG (maybe a catch-all rules
for rejected packages). However, as I don't use firehol, I can't help
you any further but address you to firehol documentation. I'm sure
firehol permits to turn off logging or, better idea, use the ULOG target
so not to log via syslog.

> if it's a request trial that was rejected, why do I get this that often?

portscanning, remote exploits, misconfigured servers, worms, and so on.
Don't mind to feel as you're alone in internet :)

Ciao,
Gian Piero.

Reply to:

Follow-Ups:
- Re: logging with firehol
  - From: Jonas Meurer <jonas@freesources.org>

References:
- logging with firehol
  - From: Jonas Meurer <jonas@freesources.org>

Prev by Date: Re: logging with firehol
Next by Date: Re: logging with firehol
Previous by thread: Re: logging with firehol
Next by thread: Re: logging with firehol
Index(es):
- Date
- Thread