Thanks for answering.

No actually I don't think someone is spoofing. There is a firewall (other
machine, actually) blocking any kind of incoming&outgoing 127. adresses. 
So I don't think (at this time) that this is the problem.

What I ment with cron, is that there are daily reports the are being sent
via sendmail.
I've this sendmail option in rc.conf: sendmail_enable="NO".
Sendmail is only listening on localhost. 

I assume that my freebsd host sends a auth command to because a
sendmail connection is being tried from
The samples of my entries corresponds exactly at the time, that
the daily reports arrives.

Perhaps someone could confirm this?

-----Original Message-----
From: fbsd_user [mailto:[EMAIL PROTECTED] 
Sent: vendredi 23 janvier 2004 14:17
Subject: RE: log_in_vain="YES"

If this is happening while your system is connected to the public internet
then your system is under attack by somebody who is spoofing ip address  Port 113 is the ident protocol.
There is no reason for the cron jobs to be doing that. You should power off
you system when not in use at least until you install an firewall software

You really need an firewall, and should use IPFILTER as it's stateful
keep-state rules function work correctly. FBSD's ipfw stateful rules are
broken when used with ipfw's divert/natd function.

[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to