kernel: Packet log: eth1-i DENY eth1 PROTO=6 200.0.0.1:1043 201.0.0.1:113 L=60 S=0x00 I=152 F=0x4000 T=64 SYN (#5) and kernel: Packet log: eth1-o DENY eth1 PROTO=6 201.0.0.1:113 200.0.0.1:1044 L=40 S=0x00 I=888 F=0x0000 T=255 (#2) These are TCP requests on port 113, which is the ident/auth port. It tells
Hi On Tue, Sep 26, 2000 at 07:34:20PM +0200, Sven Schultheiß wrote: the requester which UID/user runs a certain service.
Does anybody know what causes this traffic? This could be daemons which have requested the ident in their respective config or your iplogger, which does this, whenever a TCP/UDP connection comes in. You should check ftpd, httpd and iplogger configuration files first.
MfG/Regards, Alexander -- Alexander Reelsen http://joker.rhwd.de ref@linux.com GnuPG: pub 1024D/F0D7313C sub 2048g/6AA2EDDB ar@rhwd.net 7D44 F4E3 1993 FDDF 552E 7C88 EE9C CBD1 F0D7 313C Securing Debian: http://joker.rhwd.de/doc/Securing-Debian-HOWTO