search for: log_in_vain

Hi all I am trying to get rid of strings: kernel: Connection attempt to UDP FREEBSD_IP:port from DNSSERVER_IP:53 on my console and in log file I understand that those are replies on DNS queries that for some reason took too long time to be answered. I do not want to turn off the "log in vain" feature. As these strings fill up my log I am afraid to miss some sensitive messages (e.g.

Heya.. Yesterday someone "attacked" by box by connection to several ports.. In other words, a simple portscan.. yet, since my box has "log_in_vain" enabled, so it tries to log everything to /var/log/messages, since the logfile got full and the size went over 100K, it tried to rotate the log to save diskspace. (Apr 16 21:00:00 omikron newsyslog[32137]: logfile turned over due to size>100K) My server box is a Intel Celeron 733Mhz, 384...

hello, I have turned on sysctls variables: net.inet.tcp.log_in_vain: 1 net.inet.udp.log_in_vain: 1 And i have plenty of strange connection attempts on udp protocol Connection attempt to UDP xx.xx.x.xxx:55414 from 192.43.172.34:53 Apr 13 23:56:53 pals /kernel: Connection attempt to UDP xx.xx.x.xxx:55414 from 192.43.172.34:53...

...1.1.11.10.in-addr.arpa. (41) 13:23:21.120784 PUBLIC_IP.4526 > PUBLIC_IP.53: 52788+ PTR? 11.1.11.10.in-addr.arpa. (41) This is very weird because resolv.conf points to another server. Also, the capture is from lo0. Not that I see a security problem here (just the annoyance of this filling my log_in_vain logs), but I'm curious about the reason; at least didn't find any clue looking at source. May 26 13:23:21 X /kernel: Connection attempt to UDP PUBLIC_IP:53 from PUBLIC_IP:4523 May 26 13:23:21 X /kernel: Connection attempt to UDP PUBLIC_IP:53 from PUBLIC_IP:4524 May 26 13:23:21 X /kernel: C...

Hi all. I recently turned net.inet.udp.log_in_vain on on some of my boxen and have been seeing UDP connection attempts to port 67 on the local host. This initially seemed odd, as the target ip addres was indeed that of a DHCP-configured interface and the source address was that of my DHCP server. However, it turns out this is totally valid, as dhcl...

....168.80 link#1 UC 1 0 vr0 192.168.80.100 link#1 UHLW 1 0 vr0 /etc/rc.conf contains the following lines, among others: ----------------------------------------- hostname="blah.server.net" tcp_extensions="NO" log_in_vain="NO" tcp_keepalive="NO" network_interfaces="auto" ifconfig_lo0="inet 127.0.0.1" ifconfig_vr0="inet 192.168.80.222 netmask 255.255.255.0" defaultrouter="192.168.80.100" gateway_enable="NO" I also tried adding " media auto&qu...

Hi, I got this error when i tried to type for some of those. "sysctl: unknown oid...." any idea.. my server seems to be very lagged, where else the network connection seems fine, i think BSD itself as my other redhat box is fine. What else can i do to get optimum protection. Thanks. ----- Original Message ----- From: "Per Engelbrecht" <per@xterm.dk> To:

...; defaultrouter="122.254.1x.x" keymap="us.iso" moused_enable="YES" moused_flags="-3" moused_port="/dev/psm0" moused_type="auto" saver="logo" sshd_enable="YES" usbd_enable="YES" sendmail_enable="NONE" log_in_vain="YES" named_enable="YES" #named_flags="-u bind -t /etc/namedb/sandbox -c named.conf -d 9" named_flags="-c named.conf" #syslogd_flags="-ss -l /etc/namedb/sandbox/dev/log" #named_pidfile="/var/named/run/named/pid" # Must set this in named.co...

...eudo-ttys (telnet etc) pseudo-device md # Memory "disks" pseudo-device bpf #Berkeley packet filter same random stuff from /etc/sysctl.conf net.inet.udp.recvspace=84160 net.inet.tcp.blackhole=1 net.inet.udp.blackhole=1 net.inet.icmp.log_redirect=1 net.inet.tcp.log_in_vain=1 Is this too much info btw? I just wanted to make sure i didn't get a, not enough info reply, sorry if this was too much.

...init: 75000 net.inet.tcp.delacktime: 100 net.inet.tcp.v6mssdflt: 1024 net.inet.tcp.hostcache.cachelimit: 15360 net.inet.tcp.hostcache.hashsize: 512 net.inet.tcp.hostcache.bucketlimit: 30 net.inet.tcp.hostcache.count: 0 net.inet.tcp.hostcache.expire: 3600 net.inet.tcp.hostcache.purge: 0 net.inet.tcp.log_in_vain: 0 net.inet.tcp.blackhole: 0 net.inet.tcp.delayed_ack: 1 net.inet.tcp.rfc3042: 1 net.inet.tcp.rfc3390: 1 net.inet.tcp.insecure_rst: 0 net.inet.tcp.reass.maxsegments: 1600 net.inet.tcp.reass.cursegments: 0 net.inet.tcp.reass.maxqlen: 48 net.inet.tcp.reass.overflows: 0 net.inet.tcp.path_mtu_discovery...