On Tue, Apr 15, 2008 at 08:06:01PM +0000, Digby Tarvin wrote:
> On Tue, Apr 15, 2008 at 01:23:59PM -0400, Brian McKee wrote:
> >
> > On 15-Apr-08, at 11:42 AM, Digby Tarvin wrote:
> > >The problem I am having is that the messages from the firewall really
> > >flood /var/log/messages to the point where I am concerned they may
> > >cause me to miss other important things.
> > >...
> > >Perhaps I should redirect the firewall logs to a separate file? Or
> > >just stick my head in the sand and log nothing - which is presumably
> > >the situation with my dsl router..
> > >
> >
> > If it's dropped - then the firewall did its job.
> > Why look at the results unless you have a problem?
> > Worry about what's getting through, not what isn't....
> >
> > Brian
>
> Thanks, that's what I was thinking. If anyone can think of a reason
> not to extend the
>     DROP net fw udp 1026:1029
> so that logging for all blocked packets is suppressed I'd be interested
> in hearing it..

Just be careful with UDP: it's a connectionless protocol, therefore any UDP streams will not be caught in the state RELATED,ESTABLISHED line, for example if you block off UDP 53 (DNS)

>
> Just out of curiosity, does anyone know what any of this bogus traffic
> to (for example ports 1947 and 1948 are popular at the moment) might be?
> Is it common to see this much noise? Is it perhaps undocumented traffic
> generated by Windows systems that others have connected directly to the
> net? Or perhaps malicious traffic targeting vulnerabilities of Windows
> systems that might be unfirewalled on the net?
>
> Regards,
> DigbyT

--
"So I don't know where [Bin Laden] is. You know, I just don't spend that much time on him."
- George W. Bush 03/13/2002 Washington, DC White House Press Conference