On Thu, 18 Oct 2007 19:36:27 +0300 Nikos Vassiliadis wrote:
> On Thursday 18 October 2007 18:39:56 Michael K. Smith - Adhost wrote:
> > Thank you for the clue! We are using log in vain as part of our
> > security logging for this particular box, but this is the only message
> > I've ever seen so I'm not sure it's really needed.
>
> It must be a local program trying to connect to ident.

Yes, quite likely sendmail sending daily etc reports? You can either
run a (real or fake) ident daemon (see inetd.conf), or have the firewall
reset (not drop) such connections, avoiding sendmail(ono) delays waiting
for a response. If running a mailserver, this applies to outside too.

> Probably nothing to worry about. I would check which is
> this program though. If that's the only message you get
> you must be protected, at least packet_filtering-wise.
>
> I think log_in_vain can be used when configuring a firewall.
> Just to see quickly if your firewall works as expected and
> then turn it off. Otherwise it is just going to create tons
> of irrelevant log messages.

On the contrary .. if your firewall is working correctly, you shouldn't
ever be seeing connection attempts to non-listening ports, especially
from outside. log_in_vain messages indicate some attention is needed,
either to block or reset those connections, or to provide a listener :)
so removing log_in_vain (shooting the messenger) may not be a good idea.

Cheers, Ian
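
The triage suggested in the reply above, as an added example that is not part of the original thread: a Python sketch that groups log_in_vain kernel messages by origin and destination port so that local ident lookups can be told apart from outside traffic reaching closed ports. The message format in the regex, the sample log lines, and the function names `triage` and `advice` are assumptions constructed for illustration.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Assumed shape of a log_in_vain kernel message (IPv4 only in this sketch).
LINE_RE = re.compile(
    r"Connection attempt to (?P<proto>TCP|UDP) "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+)"
)

# Constructed sample lines, using documentation address ranges.
SAMPLE_LOG = """\
Oct 18 03:01:12 mx kernel: Connection attempt to TCP 127.0.0.1:113 from 127.0.0.1:51234 flags:0x02
Oct 18 03:01:13 mx kernel: Connection attempt to TCP 192.0.2.10:113 from 192.0.2.10:51240 flags:0x02
Oct 18 04:17:45 mx kernel: Connection attempt to TCP 192.0.2.10:23 from 198.51.100.7:40112 flags:0x02
Oct 18 04:17:50 mx kernel: Connection attempt to UDP 192.0.2.10:161 from 198.51.100.7:40113
Oct 18 04:18:02 mx sshd[812]: unrelated line that must be ignored
"""

def triage(log_text, local_addrs):
    """Count attempts per (origin, proto, dport); origin is 'local' or 'remote'."""
    local = {ip_address(a) for a in local_addrs}
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a log_in_vain message
        src = ip_address(m["src"])
        origin = "local" if src.is_loopback or src in local else "remote"
        counts[(origin, m["proto"], int(m["dport"]))] += 1
    return counts

def advice(origin, proto, dport):
    """Map one bucket to the follow-up discussed in the thread."""
    if origin == "local" and proto == "TCP" and dport == 113:
        return "local ident lookup: run an ident daemon or reset the connection"
    if origin == "remote":
        return "reached a closed port from outside: review firewall rules"
    return "local program probing a closed port: identify the program"

if __name__ == "__main__":
    # 192.0.2.10 stands in for the host's own address (constructed).
    for key, n in sorted(triage(SAMPLE_LOG, ["192.0.2.10"]).items()):
        print(n, *key, "->", advice(*key))
```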