Subject: Re: Log messages cutted
To: netbsd <firstname.lastname@example.org>
From: Julio Merino <email@example.com>
Date: 07/10/2002 22:04:50
On Wed, 10 Jul 2002 22:30:12 +0300
"netbsd" <firstname.lastname@example.org> wrote:
> I don't think it is related with buffer overflow...
> seems like kernel is login ports that are firewalled.
> There is parameter that handles with that ' net.inet.tcp.log_refused=1'
No no... I know that, but look again at the messages. The text
is CUTted. For example:
tempt to TCP 192.168.1.1:596 from 192.168.1.3:61993
Connection attempt to TCP 192.168.1.1:596 from 192.168.1.3:61993
and this happens many times at unexpected places (in another
message it apperes a character before the text, that does not
belong to it.
> just guessing...:)
> ----- Original Message -----
> From: "Julio Merino" <email@example.com>
> To: <firstname.lastname@example.org>
> Sent: Wednesday, July 10, 2002 7:28 PM
> Subject: Log messages cutted
> > Hello
> > last day I noticed a problem when reading a /var/log/messages log. Look
> > at these:
> > Jul 10 18:20:10 sun /netbsd: o TCP 192.168.1.1:471 from 192.168.1.3:64980
> > Jul 10 18:20:14 sun /netbsd: on attempt to TCP 192.168.1.1:619 from
> > Jul 10 18:20:19 sun /netbsd: >Connection attempt to TCP 192.168.1.1:227
> from 192.168.1.3:62673
> > Jul 10 18:20:13 sun sshd: error: accept: Software caused connection
> > Jul 10 18:20:24 sun /netbsd: 192.168.1.1:873 from 192.168.1.3:61747
> > Jul 10 18:20:29 sun /netbsd: 1:1539 from 192.168.1.3:61576
> > This has happened while issuing a nmap to the computer. If you look
> > carefully, you can see how messages are cutted, like if some buffer
> > is overflowing.
> > And looking at more logs:
> > Jul 8 18:06:06 sun /netbsd: Connection attempt to TCP 192.168.1.1:1668
> from 192.168.1.3:63222
> > Jul 8 18:06:06 sun /netbsd: Connection attempt to TCP 192.168.1.1:581
> from 192.168.1.3:63221
> > Jul 8 18:06:06 sun /netbsd: tempt to TCP 192.168.1.1:596 from
> > You see. If this is a buffer overflow... argg, it can be bad. What do
> > you think?
> > Well, thanks.
> > --
> > HispaBSD admin - http://www.hispabsd.org
> > Julio Merino <email@example.com>
HispaBSD admin - http://www.hispabsd.org
Julio Merino <firstname.lastname@example.org>