At 02:57 PM 9/02/2001, you wrote:
On Thu, 08 Feb 2001, Achim Ehrlich wrote:
Hello list,
i'm running a little homenetwork and scan my messages only occasionally. Today i found, that my var/log/messages was flodded with the following messages from ipchains:
Jan 24 00:00:58 coalmine kernel: Packet log: input DENY ppp0 PROTO=6 213.93.2.117:64834 213.23.38.146:6346 L=48 S=0x00 I=11174 F=0x4000 T=107 SYN(#3) Jan 24 00:00:59 coalmine kernel: Packet log: input DENY ppp0 PROTO=6 168.95.0.198:38071 213.23.38.146:6346 L=44 S=0x00 I=46941 F=0x4000 T=237 SYN(#3)
Is some unsupervised kid with an 'security tool' syn-flooding him with spoofed source addresses? It seems his box is easily withstanding this, until his log fills the disk.
possibly, I get junk like this hitting my firewalls constantly both at home, at work and at clients. Some of the banks I work for obviously get alot more than my cablemodem at home, but I still get >100 lines per hour of logs on my cable. It's nothing to be overly worried about logrotate nicely takes care of excess logs :-) Cheers --- Nix - nix@susesecurity.com http://www.susesecurity.com