On Wed, 18 Sep 2002 09:28:35 +1000 Jay wrote:
> > You should check the /var/log/messages file > I have, they are all looking at port 53 Speculating since you didn't includes sample log entries... You may have found (or been found by) a geographic load balancer that uses port 53 requests for timing measurements. If so, a search for "dns floods" or "dns_floods" on leaf-user or the old LRP list will probably turn up more information. Not sure if this is still accurate, but weather.com (or was it their x10.com popup ads) triggered the load balancers once-upon-a-time. > > It says: '146 denied or rejected packets' > Yes. but the firewall weblet says error after only 146. I've done port scans > before and got this to say 3200 before the weblet said error. The thresholds are set in /etc/weblet.conf . My Bering RC3 defaults are: WRN_FW=5 ERR_FW=50 It seems you should see the error stats for anything more than 50 matches of "Shorewall:" in /var/log/syslog . (syslog gets rotated nightly so the error status will reset nightly.) > > BTW, if you are portscanning the firewall from outside, this is normal! > I wasn't at the time, if i do a external portscan, it lasts alot longer > (usually around the 3000 mark) before going to error status.. My suspiscion is that the portscan was being done so quickly that you went from near zero to 3000 very quickly and didn't realize the threshold was 50 denied packets. Please let us know if you find evidence otherwise. --Brad > Confused.. ------------------------------------------------------- This SF.NET email is sponsored by: AMD - Your access to the experts on Hammer Technology! Open Source & Linux Developers, register now for the AMD Developer Symposium. Code: EX8664 http://www.developwithamd.com/developerlab ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
