kernel log message
Hello all

Anyone able to explain the kernel message I received after running the nightly periodic? Anything I should worry about? I believe I was dumping a large MySql database at the time it happened.

odin# uname -a
FreeBSD odin.thorshammare.org 8.1-STABLE FreeBSD 8.1-STABLE #0: Tue Sep 7 18:47:41 CEST 2010 r...@odin.thorshammare.org:/usr/obj/usr/src/sys/ODIN i386

odin.thorshammare.org kernel log messages:
+++ /tmp/security.qzjwQDiS 2010-11-19 03:06:22.0 +0100
+Timecounter TSC frequency 1100020331 Hz quality 800

Best Regards
Hasse Hansson
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Strange kernel log message
On Mon, Nov 26, 2007 at 07:58:41PM +, Bruce Cran wrote:
> Giorgos Keramidas wrote:
>> On 2007-11-26 09:58, Ceri Davies [EMAIL PROTECTED] wrote:
>>> So I have this in my security run output:
>>>
>>> kernel log messages:
>>> +++ /tmp/security.hLYJI0kF Sun Nov 25 03:01:02 2007
>>> +NNNMNMMIII M III SIISAS SAAA 3 303,020,0 ,, EE IEIIESSSAIAA S A f ff + + +f
>>>
>>> WTF now? I'm not sure if that's a real kernel message that got garbled or whether I should be worried about naughtiness.
>>
>> It looks like multiple messages overlapping each other. Removing 3 characters every 4 bytes in the output produces things which seem vaguely recognizable:
>>
>> 22NNI II A ,,,EISA fff 2NMI SS 300 ISAAfff
>>
>> There's a sysctl option which you can tweak to make this less likely to happen, but I am not sure about its name. Our console gurus can help you track it down and tune its value :)
>
> The kernel option I've seen mentioned before to at least make this less common is:
>
> options PRINTF_BUFR_SIZE=128 # Prevent printf output being interspersed.

Aha, thanks guys.

Ceri
--
That must be wonderful! I don't understand it at all.
  -- Moliere
Strange kernel log message
So I have this in my security run output:

kernel log messages:
+++ /tmp/security.hLYJI0kF Sun Nov 25 03:01:02 2007
+NNNMNMMIII M III SIISAS SAAA 3 303,020,0 ,, EE IEIIESSSAIAA S A f ff + + +f

WTF now? I'm not sure if that's a real kernel message that got garbled or whether I should be worried about naughtiness.

Ceri
--
That must be wonderful! I don't understand it at all.
  -- Moliere
Re: Strange kernel log message
On 2007-11-26 09:58, Ceri Davies [EMAIL PROTECTED] wrote:
> So I have this in my security run output:
>
> kernel log messages:
> +++ /tmp/security.hLYJI0kF Sun Nov 25 03:01:02 2007
> +NNNMNMMIII M III SIISAS SAAA 3 303,020,0 ,, EE IEIIESSSAIAA S A f ff + + +f
>
> WTF now? I'm not sure if that's a real kernel message that got garbled or whether I should be worried about naughtiness.

It looks like multiple messages overlapping each other. Removing 3 characters every 4 bytes in the output produces things which seem vaguely recognizable:

22NNI II A ,,,EISA fff 2NMI SS 300 ISAAfff

There's a sysctl option which you can tweak to make this less likely to happen, but I am not sure about its name. Our console gurus can help you track it down and tune its value :)
Re: Strange kernel log message
Giorgos Keramidas wrote:
> On 2007-11-26 09:58, Ceri Davies [EMAIL PROTECTED] wrote:
>> So I have this in my security run output:
>>
>> kernel log messages:
>> +++ /tmp/security.hLYJI0kF Sun Nov 25 03:01:02 2007
>> +NNNMNMMIII M III SIISAS SAAA 3 303,020,0 ,, EE IEIIESSSAIAA S A f ff + + +f
>>
>> WTF now? I'm not sure if that's a real kernel message that got garbled or whether I should be worried about naughtiness.
>
> It looks like multiple messages overlapping each other. Removing 3 characters every 4 bytes in the output produces things which seem vaguely recognizable:
>
> 22NNI II A ,,,EISA fff 2NMI SS 300 ISAAfff
>
> There's a sysctl option which you can tweak to make this less likely to happen, but I am not sure about its name. Our console gurus can help you track it down and tune its value :)

The kernel option I've seen mentioned before to at least make this less common is:

options PRINTF_BUFR_SIZE=128 # Prevent printf output being interspersed.

--
Bruce
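The hand de-interleaving described in this thread, and the effect of giving each printf call its own output buffer, as a simplified simulation added here (not code from the thread or from FreeBSD). The message text, the four writers and the round-robin scheduling are assumptions made for the illustration.

```python
def emit(messages, bufsize):
    """Model several CPUs writing to one console.

    Each writer hands the console at most `bufsize` characters per turn and
    the writers take turns round-robin (an assumed, idealized schedule).
    bufsize=1 models character-at-a-time output; a larger value models a
    per-call buffer such as the one PRINTF_BUFR_SIZE enables.
    """
    if bufsize < 1:
        raise ValueError("bufsize must be at least 1")
    pending = list(messages)
    out = []
    while any(pending):
        for i, rest in enumerate(pending):
            if rest:
                out.append(rest[:bufsize])
                pending[i] = rest[bufsize:]
    return "".join(out)


def destride(garbled, writers, offset=0):
    """Keep one character out of every `writers`, as done by hand in the thread."""
    return garbled[offset::writers]


def intact(messages, console):
    """True if every message appears contiguously in the console text."""
    return all(m in console for m in messages)


# Constructed sample: four writers reporting the same event at the same time.
MESSAGES = ["NMI ISA 30, EISA ff\n"] * 4

if __name__ == "__main__":
    garbled = emit(MESSAGES, 1)
    print(repr(garbled))                  # every character repeated four times
    print(repr(destride(garbled, 4)))     # one clean copy of the message
    for size in (1, 8, 128):
        print(size, intact(MESSAGES, emit(MESSAGES, size)))
```

A buffer shorter than the message (8 here) still splits it into chunks; only a buffer at least as long as the line keeps it in one piece.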
Kernel Log Message
I keep getting the following kernel log messages in my daily security run output.

xxx.xxx.xxx.xxx kernel log messages:
Limiting closed port RST response from 283 to 200 packets/sec
Limiting closed port RST response from 283 to 200 packets/sec
Limiting closed port RST response from 235 to 200 packets/sec
Limiting closed port RST response from 256 to 200 packets/sec
Limiting closed port RST response from 275 to 200 packets/sec
Limiting closed port RST response from 256 to 200 packets/sec
Limiting closed port RST response from 284 to 200 packets/sec
Limiting closed port RST response from 262 to 200 packets/sec
Limiting closed port RST response from 254 to 200 packets/sec
Limiting closed port RST response from 277 to 200 packets/sec
Limiting closed port RST response from 254 to 200 packets/sec
Limiting closed port RST response from 286 to 200 packets/sec
Limiting closed port RST response from 254 to 200 packets/sec
Limiting closed port RST response from 221 to 200 packets/sec
Limiting closed port RST response from 263 to 200 packets/sec
Limiting closed port RST response from 262 to 200 packets/sec
Limiting closed port RST response from 264 to 200 packets/sec
Limiting closed port RST response from 234 to 200 packets/sec
Limiting closed port RST response from 233 to 200 packets/sec
Limiting closed port RST response from 256 to 200 packets/sec
Limiting closed port RST response from 283 to 200 packets/sec
Limiting closed port RST response from 254 to 200 packets/sec
Limiting closed port RST response from 233 to 200 packets/sec
Limiting closed port RST response from 262 to 200 packets/sec
Limiting closed port RST response from 283 to 200 packets/sec
Limiting closed port RST response from 283 to 200 packets/sec
Limiting closed port RST response from 254 to 200 packets/sec
Limiting closed port RST response from 233 to 200 packets/sec
Limiting closed port RST response from 262 to 200 packets/sec
Limiting closed port RST response from 253 to 200 packets/sec
Limiting closed port
Re: Kernel Log Message
Your machine is getting hit with a lot of SYN packets, and sending RST packets in return (lots of them). This is usually due to a portscan, but may be different in your situation.

To stop it, add the following lines to /etc/sysctl.conf

net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1

Regards,
stevenrh

Cody Holland wrote:
> I keep getting the following kernel log messages in my daily security run output.
>
> xxx.xxx.xxx.xxx kernel log messages:
> Limiting closed port RST response from 283 to 200 packets/sec
> Limiting closed port RST response from 283 to 200 packets/sec
> Limiting closed port RST response from 235 to 200 packets/sec
> Limiting closed port RST response from 256 to 200 packets/sec
> Limiting closed port RST response from 275 to 200 packets/sec
> Limiting closed port RST response from 256 to 200 packets/sec
> Limiting closed port RST response from 284 to 200 packets/sec
> Limiting closed port RST response from 262 to 200 packets/sec
> Limiting closed port RST response from 254 to 200 packets/sec
> Limiting closed port RST response from 277 to 200 packets/sec
> Limiting closed port RST response from 254 to 200 packets/sec
> Limiting closed port RST response from 286 to 200 packets/sec
> Limiting closed port RST response from 254 to 200 packets/sec
> Limiting closed port RST response from 221 to 200 packets/sec
> Limiting closed port RST response from 263 to 200 packets/sec
> Limiting closed port RST response from 262 to 200 packets/sec
> Limiting closed port RST response from 264 to 200 packets/sec
> Limiting closed port RST response from 234 to 200 packets/sec
> Limiting closed port RST response from 233 to 200 packets/sec
> Limiting closed port RST response from 256 to 200 packets/sec
> Limiting closed port RST response from 283 to 200 packets/sec
> Limiting closed port RST response from 254 to 200 packets/sec
> Limiting closed port RST response from 233 to 200 packets/sec
> Limiting closed port RST response from 262 to 200 packets/sec
> Limiting closed port RST response from 283 to 200 packets/sec
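A way to size up a run of these messages and to check sysctl.conf against the two settings recommended in the reply, as an added example that is not part of the original posts. The log sample is the first five lines of the report above; the sysctl.conf content is constructed.

```python
import re

LIMIT_RE = re.compile(
    r"Limiting closed port RST response from (\d+) to (\d+) packets/sec"
)

# Values recommended in the reply above.
RECOMMENDED = {"net.inet.tcp.blackhole": "2", "net.inet.udp.blackhole": "1"}


def summarize(log_text):
    """Summarize rate-limit lines: how many, peak rate, responses withheld."""
    events = [(int(a), int(b)) for a, b in LIMIT_RE.findall(log_text)]
    if not events:
        return None
    return {
        "lines": len(events),
        "peak_attempted": max(a for a, _ in events),
        "limit": events[-1][1],
        # Each line reports "from N to L": N - L responses were not sent.
        "withheld": sum(a - b for a, b in events),
    }


def parse_sysctl_conf(conf_text):
    """Return {name: value} from sysctl.conf text, ignoring comments and blanks."""
    settings = {}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        name, value = line.split("=", 1)
        settings[name.strip()] = value.strip()
    return settings


def blackhole_gaps(conf_text):
    """List (name, current, recommended) for settings that differ from the reply."""
    current = parse_sysctl_conf(conf_text)
    return [
        (name, current.get(name), want)
        for name, want in RECOMMENDED.items()
        if current.get(name) != want
    ]


# First five lines of the report quoted in this thread.
SAMPLE_LOG = """\
Limiting closed port RST response from 283 to 200 packets/sec
Limiting closed port RST response from 283 to 200 packets/sec
Limiting closed port RST response from 235 to 200 packets/sec
Limiting closed port RST response from 256 to 200 packets/sec
Limiting closed port RST response from 275 to 200 packets/sec
"""

# Constructed sysctl.conf: one setting present with a different value, one absent.
SAMPLE_CONF = """\
# /etc/sysctl.conf (constructed sample)
net.inet.tcp.blackhole=1   # SYN segments only
"""

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
    for name, have, want in blackhole_gaps(SAMPLE_CONF):
        print(f"{name}: have {have}, reply recommends {want}")
```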
Strange kernel log message from security run output
[fqdn] kernel log messages:
Copyright (c) 1992-2004 The FreeBSD Project.

What is FreeBSD 4.10-STABLE trying to tell me? I've added IPF to my kernel.

--
Regards, Charles.
Re: Strange kernel log message from security run output
This junk is normally seen in dmesg if you used the interactive kernel configurator at the last boot.

On Wed, 1 Sep 2004, Charles M. Gerungan wrote:
> [fqdn] kernel log messages:
> Copyright (c) 1992-2004 The FreeBSD Project.
>
> What is FreeBSD 4.10-STABLE trying to tell me? I've added IPF to my kernel.
>
> --
> Regards, Charles.
Re: Need help to interp kernel log message.
# [EMAIL PROTECTED] / 2003-09-12 05:37:17 +0200:
> I've got a message in my logfiles that I don't understand.
> The ip-addresses are none that I'm to my knowing are associated with.
> Wonder what it is or if it's anything to worry about.
>
> odin.swedehost.com kernel log messages:
> icmp redirect from 65.104.98.146: 204.152.184.189 = 65.104.98.145
>
> Checking up on the above Ip-addresses don't ring any bells either.

Looks like your machine was sending traffic to 204.152.184.189, and an intermediate host at 65.104.98.146 sent an ICMP redirect message telling it to send them to 65.104.98.145 instead. See RFC 792.

As for security concerns: any packet might have the source address spoofed, and obeying ICMP type 5 messages in a hostile environment (like the internet) means you're giving your network traffic out for public consumption.

--
If you cc me or remove the list(s) completely I'll most likely ignore your message.
see http://www.eyrie.org./~eagle/faqs/questions.html
Re: Need help to interp kernel log message.
On Saturday 13 September 2003 03.24, Roman Neuhauser wrote:
> # [EMAIL PROTECTED] / 2003-09-12 05:37:17 +0200:
>> I've got a message in my logfiles that I don't understand.
>> The ip-addresses are none that I'm to my knowing are associated with.
>> Wonder what it is or if it's anything to worry about.
>>
>> odin.swedehost.com kernel log messages:
>> icmp redirect from 65.104.98.146: 204.152.184.189 = 65.104.98.145
>>
>> Checking up on the above Ip-addresses don't ring any bells either.
>
> Looks like your machine was sending traffic to 204.152.184.189, and an intermediate host at 65.104.98.146 sent an ICMP redirect message telling it to send them to 65.104.98.145 instead. See RFC 792.
>
> As for security concerns: any packet might have the source address spoofed, and obeying ICMP type 5 messages in a hostile environment (like the internet) means you're giving your network traffic out for public consumption.

Thx for your answer. In my rc.conf file, I do have

icmp_drop_redirect=YES
icmp_log_redirect=YES

but I guess that's not enough. Probably have to block in my firewall.

After reading your reply, I've done some more digging, and this is what I've found.

snip
5 Redirect [RFC792]
Codes
0 Redirect Datagram for the Network (or subnet)
1 Redirect Datagram for the Host
2 Redirect Datagram for the Type of Service and Network
3 Redirect Datagram for the Type of Service and Host
/snip

/Geir.
Re: Need help to interp kernel log message.
# [EMAIL PROTECTED] / 2003-09-15 12:17:01 +0200:
> On Saturday 13 September 2003 03.24, Roman Neuhauser wrote:
>> # [EMAIL PROTECTED] / 2003-09-12 05:37:17 +0200:
>>> I've got a message in my logfiles that I don't understand.
>>> The ip-addresses are none that I'm to my knowing are associated with.
>>> Wonder what it is or if it's anything to worry about.
>>>
>>> odin.swedehost.com kernel log messages:
>>> icmp redirect from 65.104.98.146: 204.152.184.189 = 65.104.98.145
>>>
>>> Checking up on the above Ip-addresses don't ring any bells either.
>>
>> Looks like your machine was sending traffic to 204.152.184.189, and an intermediate host at 65.104.98.146 sent an ICMP redirect message telling it to send them to 65.104.98.145 instead. See RFC 792.
>>
>> As for security concerns: any packet might have the source address spoofed, and obeying ICMP type 5 messages in a hostile environment (like the internet) means you're giving your network traffic out for public consumption.
>
> Thx for your answer. In my rc.conf file, I do have
>
> icmp_drop_redirect=YES
> icmp_log_redirect=YES
>
> but I guess that's not enough. Probably have to block in my firewall.

what makes you think so? did the box really change the route?

--
If you cc me or remove the list(s) completely I'll most likely ignore your message.
see http://www.eyrie.org./~eagle/faqs/questions.html
Re: Need help to interp kernel log message.
On Monday 15 September 2003 14.02, Roman Neuhauser wrote:
> # [EMAIL PROTECTED] / 2003-09-15 12:17:01 +0200:
>> On Saturday 13 September 2003 03.24, Roman Neuhauser wrote:
>>> # [EMAIL PROTECTED] / 2003-09-12 05:37:17 +0200:
>>>> I've got a message in my logfiles that I don't understand.
>>>> The ip-addresses are none that I'm to my knowing are associated with.
>>>> Wonder what it is or if it's anything to worry about.
>>>>
>>>> odin.swedehost.com kernel log messages:
>>>> icmp redirect from 65.104.98.146: 204.152.184.189 = 65.104.98.145
>>>>
>>>> Checking up on the above Ip-addresses don't ring any bells either.
>>>
>>> Looks like your machine was sending traffic to 204.152.184.189, and an intermediate host at 65.104.98.146 sent an ICMP redirect message telling it to send them to 65.104.98.145 instead. See RFC 792.
>>>
>>> As for security concerns: any packet might have the source address spoofed, and obeying ICMP type 5 messages in a hostile environment (like the internet) means you're giving your network traffic out for public consumption.
>>
>> Thx for your answer. In my rc.conf file, I do have
>>
>> icmp_drop_redirect=YES
>> icmp_log_redirect=YES
>>
>> but I guess that's not enough. Probably have to block in my firewall.
>
> what makes you think so? did the box really change the route?

Ahhh You mean it dropped and logged it. Just as supposed to?
kernel log message
Hi everybody.

uname -a
FreeBSD thor.swedehost.com 4.9-PRERELEASE FreeBSD 4.9-PRERELEASE #0: Sun Aug 31 22:08:22 CEST 2003 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/THOR i386

I've got a message in my logfiles that I don't understand.

odin.swedehost.com kernel log messages:
icmp redirect from 65.104.98.146: 204.152.184.189 = 65.104.98.145

Checking up on the above Ip-addresses don't ring any bells either. Any clues?

Regards
Geir Svalland.
Re: kernel log message
On Wed, Sep 10, 2003 at 04:52:43PM +0200, Hasse Hansson wrote:
> icmp redirect from 65.104.98.146: 204.152.184.189 = 65.104.98.145

is 65.104.98.146 your default router? it tells you that there is a better way to the network 204.152.184.189.

hth,
toni
--
If one cannot understand something, it is better | toni at stderror dot at
not to judge at all than to condemn.             | Toni Schmidbauer
-- Rudolf Steiner                                |
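The two questions raised in this thread (is the sender your router, and can the source be trusted) correspond to the acceptance tests RFC 1122 section 3.2.2.2 gives for redirects. The sketch below applies them to logged lines; it is an added example, not code from the thread, and the addresses, first-hop gateway and connected network in the sample are constructed.

```python
import ipaddress
import re

# Matches the kernel line quoted in the thread. The archive shows "=" between
# the destination and the new gateway; "=>" is accepted as well.
REDIRECT_RE = re.compile(
    r"icmp redirect from (?P<src>\S+): (?P<dst>\S+) =>? (?P<gw>\S+)"
)


def parse_redirects(text):
    """Return (source, destination, new_gateway) address triples found in text."""
    found = []
    for m in REDIRECT_RE.finditer(text):
        try:
            found.append(
                tuple(ipaddress.ip_address(m.group(k)) for k in ("src", "dst", "gw"))
            )
        except ValueError:
            continue  # not a well-formed address, skip the line
    return found


def check_redirect(src, gw, first_hop, connected_net):
    """Apply the RFC 1122 section 3.2.2.2 tests to one redirect.

    first_hop:     gateway this host currently uses for the destination
                   (assumed known, for example the default router).
    connected_net: network of the interface the redirect arrived on.
    Returns the reasons to distrust the redirect; an empty list means it
    passes both tests.
    """
    reasons = []
    if src != ipaddress.ip_address(first_hop):
        reasons.append("sender is not the current first-hop gateway")
    if gw not in ipaddress.ip_network(connected_net):
        reasons.append("new gateway is not on the connected network")
    return reasons


def audit(text, first_hop, connected_net):
    """Check every redirect line in text against the host's routing facts."""
    return [
        {"src": str(s), "dst": str(d), "gw": str(g),
         "reasons": check_redirect(s, g, first_hop, connected_net)}
        for s, d, g in parse_redirects(text)
    ]


# Constructed sample in the format shown in the thread (documentation addresses).
SAMPLE_LOG = """\
icmp redirect from 192.0.2.1: 198.51.100.7 = 192.0.2.254
icmp redirect from 192.0.2.66: 198.51.100.7 = 192.0.2.254
icmp redirect from 192.0.2.1: 198.51.100.7 => 203.0.113.9
"""

if __name__ == "__main__":
    # Assumed host facts: default router 192.0.2.1 on 192.0.2.0/24.
    for row in audit(SAMPLE_LOG, "192.0.2.1", "192.0.2.0/24"):
        verdict = "; ".join(row["reasons"]) or "passes both tests"
        print(f'{row["src"]}: {row["dst"]} via {row["gw"]}: {verdict}')
```

Passing both tests does not prove the sender is genuine, since the source address can be spoofed as noted in the thread.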
Kernel log message
Could someone explain to me what the following log message means:

disco.wwallace.net kernel log messages:
arp: 192.168.100.2 moved from 00:20:78:0d:5a:7f to 00:00:78:0d:5a:7f on de0
Oct 5 08:03:57 disco /kernel: arp: 192.168.100.2 moved from 00:20:78:0d:5a:7f to 00:00:78:0d:5a:7f on de0

The machine in question (192.168.100.2) is a Windows 2000 machine that has had the same NIC for years. Also, only one of the digits in the MAC address seems to have changed. What could cause this?

Thanks,
- William.