On Tue, Apr 15, 2008 at 08:06:01PM +0000, Digby Tarvin wrote:
> On Tue, Apr 15, 2008 at 01:23:59PM -0400, Brian McKee wrote:
> >
> > On 15-Apr-08, at 11:42 AM, Digby Tarvin wrote:
> > >The problem I am having is that the messages from the firewall really
> > >flood /var/log/messages to the point where I am concerned they may cause
> > >me to miss other important things.
> > >...
> > >Perhaps I should redirect the firewall logs to a separate file? Or
> > >just stick my head in the sand and log nothing - which is presumably
> > >the situation with my dsl router..
> > >
> >
> > If it's dropped - then the firewall did its job.
> > Why look at the results unless you have a problem?
> > Worry about what's getting through, not what isn't....
> >
> > Brian
>
> Thanks, that's what I was thinking. If anyone can think of a reason
> not to extend the
> DROP net fw udp 1026:1029
> so that logging for all blocked packets is suppressed I'd be interested
> in hearing it..

Just be careful with UDP: it's a connectionless protocol, therefore any
UDP streams will not be caught in the state RELATED,ESTABLISHED line,
for example if you block off UDP 53 (DNS)
>
> Just out of curiosity, does anyone know what any of this bogus traffic
> to (for example ports 1947 and 1948 are popular at the moment) might be?
> Is it common to see this much noise? Is it perhaps undocumented traffic
> generated by windows systems that others have connected directly to the
> net? Or perhaps malicious traffic targeting vulnerabilities of windows
> systems that might be unfirewalled on the net?
>
> Regards,
> DigbyT
--
"So I don't know where [Bin Laden] is. You know, I just don't spend that much
time on him."
- George W. Bush
03/13/2002
Washington, DC
White House Press Conference

