> Hi Greg,
>
> > Hey, I've just realised something...
> >
> > For a while after my firewall comes up, I get a few logged DENY
> > packets, and an occasional portsentry attack alert, but after some
> > time, the network seems to go very quiet. I had checked my machine
> > from work this afternoon, and nothing was recorded since last night.
> >
> > So, I decided to force a response and I telnetted into my machine. This
> > triggered the firewall and it logged the DENY packets.
>
> I tried this a while back, and my machine *didn't* log the DENY records.
>
> > Now, my situation may actually be nothing like yours... but I wonder if
> > your area of the network quiets down a bit (ie: stops pounding you if
> > no one can really see your machine)?
> >
> > Any thoughts? How did the new rpms work? Have you tried them?
>
> So far, so good. I want to give it a few more days before I
> declare it resolved, but I'm still getting the messages since I
> upgraded the sysklogd package. I'll let you know towards the end
> of the week.
>
Well the bad news is that after about 4 days, even with the latest klogd and
kernel 2.2.16-9mdksecure, DENY packet messages stop being logged. The good
news is that I've isolated the problem to klogd since restarting that
restarts the messages.
Looks like I'll just restart it every night for now.
Thanks for all the help.
Tony
===============================
Tony Smith
Email: [EMAIL PROTECTED]
===============================