On Tue, Apr 15, 2008 at 01:23:59PM -0400, Brian McKee wrote:
>
> On 15-Apr-08, at 11:42 AM, Digby Tarvin wrote:
> >The problem I am having is that the messages from the firewall really
> >flood /var/log/messages to the point where I am concerned they may cause
> >me to miss other important things.
> >...
> >Perhaps I should redirect the firewall logs to a separate file? Or
> >just stick my head in the sand and log nothing - which is presumably
> >the situation with my DSL router..
> >
>
> If it's dropped - then the firewall did its job.
> Why look at the results unless you have a problem?
> Worry about what's getting through, not what isn't....
>
> Brian

Thanks, that's what I was thinking. If anyone can think of a reason not
to extend the

    DROP net fw udp 1026:1029

so that logging for all blocked packets is suppressed I'd be interested
in hearing it.

Just out of curiosity, does anyone know what any of this bogus traffic
to (for example ports 1947 and 1948 are popular at the moment) might be?

Is it common to see this much noise? Is it perhaps undocumented traffic
generated by Windows systems that others have connected directly to the
net? Or perhaps malicious traffic targeting vulnerabilities of Windows
systems that might be unfirewalled on the net?

Regards,
DigbyT