
Bug#742109: Acknowledgement (Soft lookup during port scan and IPTables log enabled)



Hello Ben,

thanks for the response, but we do not use a serial console or similar.
In addition to that, we've not adjusted our rule set within the last 2 years and had no issues, e.g. using the kernel version 2.6.32+29 (amd64)
with the configured LOG action on squeeze.

Again, thanks for your support.

Kind regards,

Daniel Gassen

CC Security & gCERT / gCERT Coordinator

Phone: +49 621 60-45903 Mobile: +49 174 3496548 E-Mail: daniel.gassen@basf.com
Postal Address: BASF Business Services GmbH, GSI/ITNB - C010, 67059 Ludwigshafen, Germany

BASF - The Chemical Company


BASF Business Services GmbH, Registered Office: 67059 Ludwigshafen, Germany
Companies' Register: Amtsgericht Ludwigshafen, HRB 3541
Managing Directors:
Andreas Biermann, Stefan Beck, Wiebe van der Horst
Chairman of the Supervisory Board: Dr. Robert Blackburn

www.information-services.basf.com



From:        Ben Hutchings <ben@decadent.org.uk>
To:        Don Armstrong <don@debian.org>, daniel.gassen@basf.com
Cc:        rene.fassbender@basf.com, michael.schultz@basf.com, 742109@bugs.debian.org
Date:        28.03.2014 22:12
Subject:        Re: Bug#742109: Acknowledgement (Soft lookup during port scan and IPTables log enabled)




On Fri, 2014-03-28 at 09:17 -0700, Don Armstrong wrote:
> On Fri, 28 Mar 2014, daniel.gassen@basf.com wrote:
> > any update on this bug report so far?
> > Do you need further information from us?
>
> This looks awfully like https://bugzilla.kernel.org/show_bug.cgi?id=6816.
>
> Presumably, you're writing the LOG requests to something (serial console
> or similar) which cannot keep up, and the printk blocks.
>
> You should probably switch to using -j ULOG and ulogd instead of -j LOG.

Yes, logging network events to the console without rate-limiting is a
misconfiguration.  Combining that with a serial console would be a
particularly bad idea.  This is because the kernel logs synchronously, a
deliberate decision to ensure that all messages prior to a crash are
actually recorded.

Ben.

--
Ben Hutchings
Always try to do things in chronological order;
it's less confusing that way.
[Attachment "signature.asc" deleted by Daniel Gassen/BASF-IT-S/BASF]
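
Added example, not part of the original thread or of the reporter's configuration: a small audit of `iptables-save` output that flags `-j LOG` rules with no rate-limiting match, the misconfiguration described in the quoted reply, and separates them from rate-limited `LOG` rules and `ULOG` rules. The ruleset, the verdict names and the helper functions are constructed for illustration.

```python
import shlex

# Constructed ruleset in iptables-save format (not taken from the bug report).
SAMPLE_RULESET = '''\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j LOG --log-prefix "IPT-DROP: " --log-level 4
-A INPUT -p icmp -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "IPT-ICMP: "
-A FORWARD -j ULOG --ulog-nlgroup 1 --ulog-prefix "IPT-FWD: "
COMMIT
'''

RATE_MATCHES = {"limit", "hashlimit"}  # match modules that cap how often a rule fires


def option_values(tokens, short, long):
    """Collect the argument following each occurrence of an option."""
    return [tokens[i + 1] for i, t in enumerate(tokens[:-1]) if t in (short, long)]


def audit_log_rules(ruleset):
    """Return (line_no, chain, verdict) for each LOG/ULOG rule in the text."""
    findings = []
    for line_no, line in enumerate(ruleset.splitlines(), 1):
        if not line.startswith("-A "):
            continue  # table headers, chain policies, COMMIT
        tokens = shlex.split(line)  # keeps quoted --log-prefix values intact
        targets = option_values(tokens, "-j", "--jump")
        if not targets or targets[-1] not in ("LOG", "ULOG"):
            continue
        if targets[-1] == "ULOG":
            verdict = "NETLINK"  # handed to userspace (ulogd), not printk
        elif RATE_MATCHES & set(option_values(tokens, "-m", "--match")):
            verdict = "RATE_LIMITED"
        else:
            verdict = "UNLIMITED"  # every matching packet becomes a printk
        findings.append((line_no, tokens[1], verdict))
    return findings


if __name__ == "__main__":
    for line_no, chain, verdict in audit_log_rules(SAMPLE_RULESET):
        print(f"line {line_no:>2}  {chain:<8} {verdict}")
```

On a live host the input would be the output of `iptables-save`; an `UNLIMITED` finding on a catch-all rule is the case where a port scan turns into one synchronous kernel log message per packet.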

