What is this ??? I(root on mdk 8.1) am getting tons of error messages in my mailbox about localhost trying to talk to localhost on port 23 and 80. My portsentry.ignored contains IP of loopback and eth0(to not block those), and I can ping both from 'inside', but not from outside (which is OK).
Ethereal, just looking at 'lo', also shows that traffic on port 23, 80
(don't know how to export as text --.libpcap format attached)
So, is this normal traffic?
--and if so, what is it for??
--and how can I reduce the scope of logging???
Any hints ? I am clueless )-:
I'll may be able to make it later tonight to the meeting ..... Horst.
ROOT'S MAIL:
============
>From [EMAIL PROTECTED] Thu Jan 24 18:08:14 2002
Date: Thu, 24 Jan 2002 07:15:20 -0800
From: root <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: ALERT servers/telnet: localhost (Thu Jan 24 07:15:20)
Summary output : localhost
Group : servers
Service : telnet
Time noticed : Thu Jan 24 07:15:20 2002
Secs until next alert :
Members : localhost
Detailed text (if any) follows:
-------------------------------
localhost: problem connecting to "localhost", port 23: Connection refused
##############################################
A FEW LINES OUT OF 100KB MESSAGES TWICE A DAY TO ROOT:
====================================================
Jan 24 02:25:20 horix mon[1742]: failure for servers telnet 1011867920
localhos$Jan 24 02:26:59 horix mon[1742]: failure for servers http
1011868019 localhost
Jan 24 02:30:59 horix mon[1742]: failure for servers http 1011868259
localhost
Jan 24 02:34:59 horix mon[1742]: failure for servers http 1011868499
localhost
Jan 24 02:35:20 horix mon[1742]: failure for servers telnet 1011868520
localhos$Jan 24 02:38:59 horix mon[1742]: failure for servers http
1011868739 localhost
Jan 24 02:42:59 horix mon[1742]: failure for servers http 1011868979
localhost
Jan 24 02:45:20 horix mon[1742]: failure for servers telnet 1011869120
localhos$
http-telnet_on-lo.libpcap
Description: Binary data
