Koozali.org: home of the SME Server

DShield message mess

rmoria

« on: June 21, 2005, 02:27:22 PM »
Hi,

I have installed DShield using the Knudsen script. Now my messages log gets overrun by deny messages so that other messages go unnoticed.
Quote
Jun 21 11:06:39 nathan kernel: denylog:IN=eth1 OUT= MAC=my_mac_adres  SRC=24.93.176.226 DST=my_ip_adres LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=53585 DF PROTO=TCP SPT=62123 DPT=2065 WINDOW=65535 RES=0x00 ACK SYN URGP=0
Jun 21 11:06:39 nathan kernel: denylog:IN=eth1 OUT= MAC=my_mac_adres SRC=24.93.176.226 DST=my_ip_adres LEN=40 TOS=0x00 PREC=0x00 TTL=113 ID=53589 DF PROTO=TCP SPT=62123 DPT=2065 WINDOW=65535 RES=0x00 ACK URGP=0
Jun 21 11:06:45 nathan kernel: denylog:IN=eth1 OUT= MAC=my_mac_adres  SRC=24.93.176.226 DST=my_ip_adres LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=54020 DF PROTO=TCP SPT=62123 DPT=2065 WINDOW=65535 RES=0x00 ACK SYN URGP=0
Jun 21 11:06:45 nathan kernel: denylog:IN=eth1 OUT= MAC=my_mac_adres SRC=24.93.176.226 DST=my_ip_adres LEN=40 TOS=0x00 PREC=0x00 TTL=113 ID=54023 DF PROTO=TCP SPT=62123 DPT=2065 WINDOW=65535 RES=0x00 ACK URGP=0
Jun 21 11:07:43 nathan kernel: denylog:IN=eth1 OUT= MAC=my_mac_adres SRC=82.161.1.215 DST=my_ip_adres LEN=48 TOS=0x00 PREC=0x00 TTL=125 ID=26802 DF PROTO=TCP SPT=4683 DPT=135 WINDOW=64240 RES=0x00 SYN URGP=0
Jun 21 11:07:46 nathan kernel: denylog:IN=eth1 OUT= MAC=my_mac_adres SRC=82.161.1.215 DST=my_ip_adres LEN=48 TOS=0x00 PREC=0x00 TTL=125 ID=27086 DF PROTO=TCP SPT=4683 DPT=135 WINDOW=64240 RES=0x00 SYN URGP=0


Can I redirect these messages to their own log or in the worst case delete them automatically?
...
Yes, I can ask more questions than you can answer  8-)
...
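
Added example, not part of the original posts and not DShield or SME Server code: a small Python filter that separates the "kernel: denylog:" lines quoted above from the rest of a messages-style log, so the other entries stay visible, and counts the denied packets per source, protocol, destination port and TCP flags. The function names and the two non-firewall sample lines are constructed for illustration.

```python
import re
from collections import Counter

TAG = "kernel: denylog:"          # prefix seen in the quoted log lines
KV = re.compile(r"(\w+)=(\S*)")   # iptables LOG key=value pairs (value may be empty)
TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}

# Constructed sample: three denylog lines as quoted in the post, plus two
# invented non-firewall lines standing in for the messages that get buried.
SAMPLE = [
    "Jun 21 11:06:39 nathan kernel: denylog:IN=eth1 OUT= MAC=my_mac_adres  SRC=24.93.176.226 DST=my_ip_adres LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=53585 DF PROTO=TCP SPT=62123 DPT=2065 WINDOW=65535 RES=0x00 ACK SYN URGP=0",
    "Jun 21 11:07:01 nathan crond[1234]: constructed example line",
    "Jun 21 11:07:43 nathan kernel: denylog:IN=eth1 OUT= MAC=my_mac_adres SRC=82.161.1.215 DST=my_ip_adres LEN=48 TOS=0x00 PREC=0x00 TTL=125 ID=26802 DF PROTO=TCP SPT=4683 DPT=135 WINDOW=64240 RES=0x00 SYN URGP=0",
    "Jun 21 11:07:46 nathan kernel: denylog:IN=eth1 OUT= MAC=my_mac_adres SRC=82.161.1.215 DST=my_ip_adres LEN=48 TOS=0x00 PREC=0x00 TTL=125 ID=27086 DF PROTO=TCP SPT=4683 DPT=135 WINDOW=64240 RES=0x00 SYN URGP=0",
    "Jun 21 11:08:00 nathan sshd[2345]: constructed example line",
]

def split_log(lines):
    """Return (deny_lines, other_lines) so non-firewall messages stay readable."""
    deny, other = [], []
    for line in lines:
        (deny if TAG in line else other).append(line)
    return deny, other

def parse_deny(line):
    """Turn one denylog line into a dict of its fields plus the TCP flags."""
    body = line.split(TAG, 1)[1]
    fields = dict(KV.findall(body))
    # Bare tokens such as SYN/ACK carry no '='; DF is an IP flag and is skipped.
    fields["FLAGS"] = "+".join(t for t in body.split() if t in TCP_FLAGS)
    return fields

def summarize(deny_lines):
    """Count denied packets per (source, protocol, destination port, flags)."""
    counts = Counter()
    for f in map(parse_deny, deny_lines):
        counts[(f.get("SRC", "-"), f.get("PROTO", "-"), f.get("DPT", "-"), f["FLAGS"])] += 1
    return counts

if __name__ == "__main__":
    deny, other = split_log(SAMPLE)
    print("\n".join(other))                      # the messages that were being buried
    for (src, proto, dpt, flags), n in summarize(deny).most_common():
        print(f"{n:4d}  {src:15s} {proto}/{dpt} {flags}")
```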

drlizau

« Reply #1 on: June 24, 2005, 01:49:36 PM »
You can't blame the DShield install for providing you with the denylog entries.
That is what my messages log always resembles, until the internet link goes down.
If you haven't had these before, welcome to the world of portscanning.

My DShield install sends me an email saying
Modification of a read-only value attempted at /home/dshield/iptables/iptables.pl line 199, <CONFIGFILE> line 166.
and I don't understand what isn't right with the install.
Any takers?
