DaemonForums  

Go Back   DaemonForums > FreeBSD > FreeBSD General

FreeBSD General Other questions regarding FreeBSD which do not fit in any of the categories below.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 11th October 2008
chavez243 chavez243 is offline
Fdisk Soldier
 
Join Date: May 2008
Location: Leamington, ON
Posts: 50
Thanked 2 Times in 2 Posts
Default FBSD 7 network noise

system is FreeBSD 7.0 running IPFW - identical ruleset was previously used on a 6.3 box, without a problem. Systems is still serving network requests, just seems to be a lot of noise in the logs.

/var/log/messages:

Code:
+TCP: [72.14.199.31]:43509 to [192.168.1.250]:80 tcpflags 0x10<ACK>; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed)
+TCP: [216.8.136.153]:23 to [192.168.1.250]:51927 tcpflags 0x18<PUSH,ACK>; tcp_do_segment: FIN_WAIT_2: Received 12 bytes of data after socket was closed, sending RST and removing tcpcb
+Connection attempt to UDP 192.168.1.250:23 from 192.168.1.250:51839
+TCP: [61.135.168.39]:42953 to [192.168.1.250]:80 tcpflags 0x4<RST>; syncache_chkrst: Spurious RST without matching syncache entry (possibly syncookie only), segment ignored
+TCP: [61.135.168.39]:42953 to [192.168.1.250]:80 tcpflags 0x4<RST>; syncache_chkrst: Spurious RST without matching syncache entry (possibly syncookie only), segment ignored
+TCP: [216.8.136.153]:23 to [192.168.1.250]:59739 tcpflags 0x18<PUSH,ACK>; tcp_do_segment: FIN_WAIT_2: Received 12 bytes of data after socket was closed, sending RST and removing tcpcb
+Connection attempt to UDP 192.168.1.250:23 from 192.168.1.250:57802
+TCP: [216.8.136.153]:23 to [192.168.1.250]:61578 tcpflags 0x18<PUSH,ACK>; tcp_do_segment: FIN_WAIT_2: Received 12 bytes of data after socket was closed, sending RST and removing tcpcb
+Connection attempt to UDP 192.168.1.250:23 from 192.168.1.250:62181
+TCP: [216.8.136.153]:23 to [192.168.1.250]:58202 tcpflags 0x18<PUSH,ACK>; tcp_do_segment: FIN_WAIT_2: Received 12 bytes of data after socket was closed, sending RST and removing tcpcb
+Connection attempt to UDP 192.168.1.250:23 from 192.168.1.250:55902
+TCP: [216.8.136.153]:23 to [192.168.1.250]:52711 tcpflags 0x18<PUSH,ACK>; tcp_do_segment: FIN_WAIT_2: Received 12 bytes of data after socket was closed, sending RST and removing tcpcb
+Connection attempt to UDP 192.168.1.250:23 from 192.168.1.250:54350
+TCP: [216.8.136.153]:23 to [192.168.1.250]:60997 tcpflags 0x18<PUSH,ACK>; tcp_do_segment: FIN_WAIT_2: Received 12 bytes of data after socket was closed, sending RST and removing tcpcb
+Connection attempt to UDP 192.168.1.250:23 from 192.168.1.250:64516
+TCP: [208.113.203.27]:80 to [192.168.1.250]:61485 tcpflags 0x18<PUSH,ACK>; tcp_do_segment: FIN_WAIT_2: Received 237 bytes of data after socket was closed, sending RST and removing tcpcb
+TCP: [216.8.136.153]:23 to [192.168.1.250]:52134 tcpflags 0x18<PUSH,ACK>; tcp_do_segment: FIN_WAIT_2: Received 12 bytes of data after socket was closed, sending RST and removing tcpcb
+Connection attempt to UDP 192.168.1.250:23 from 192.168.1.250:50867
+TCP: [216.8.136.153]:23 to [192.168.1.250]:58241 tcpflags 0x18<PUSH,ACK>; tcp_do_segment: FIN_WAIT_2: Received 12 bytes of data after socket was closed, sending RST and removing tcpcb
+Connection attempt to UDP 192.168.1.250:23 from 192.168.1.250:59601
+TCP: [216.8.136.153]:23 to [192.168.1.250]:58544 tcpflags 0x18<PUSH,ACK>; tcp_do_segment: FIN_WAIT_2: Received 12 bytes of data after socket was closed, sending RST and removing tcpcb
+Connection attempt to UDP 192.168.1.250:23 from 192.168.1.250:51568
+TCP: [216.8.136.153]:23 to [192.168.1.250]:56565 tcpflags 0x18<PUSH,ACK>; tcp_do_segment: FIN_WAIT_2: Received 12 bytes of data after socket was closed, sending RST and removing tcpcb
+Connection attempt to UDP 192.168.1.250:23 from 192.168.1.250:57846
+TCP: [87.192.20.4]:2510 to [192.168.1.250]:80; syncache_timer: Response timeout, retransmitting (1) SYN|ACK
+TCP: [87.192.20.4]:2510 to [192.168.1.250]:80; syncache_timer: Response timeout, retransmitting (2) SYN|ACK
+TCP: [87.192.20.4]:2523 to [192.168.1.250]:80; syncache_timer: Response timeout, retransmitting (1) SYN|ACK
+TCP: [87.192.20.4]:2523 to [192.168.1.250]:80; syncache_timer: Response timeout, retransmitting (2) SYN|ACK
+TCP: [87.192.20.4]:2510 to [192.168.1.250]:80; syncache_timer: Response timeout, retransmitting (3) SYN|ACK
+TCP: [87.192.20.4]:2523 to [192.168.1.250]:80; syncache_timer: Response timeout, retransmitting (3) SYN|ACK
+TCP: [87.192.20.4]:2510 to [192.168.1.250]:80; syncache_timer: Retransmits exhausted, giving up and removing syncache entry
+TCP: [87.192.20.4]:2523 to [192.168.1.250]:80; syncache_timer: Retransmits exhausted, giving up and removing syncache entry
+TCP: [216.8.136.153]:23 to [192.168.1.250]:64811 tcpflags 0x18<PUSH,ACK>; tcp_do_segment: FIN_WAIT_2: Received 12 bytes of data after socket was closed, sending RST and removing tcpcb
+Connection attempt to UDP 192.168.1.250:23 from 192.168.1.250:61514
+TCP: [87.192.20.4]:2510 to [192.168.1.250]:80 tcpflags 0x10<ACK>; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed)
+TCP: [87.192.20.4]:2510 to [192.168.1.250]:80 tcpflags 0x10<ACK>; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed)
+TCP: [87.192.20.4]:2510 to [192.168.1.250]:80 tcpflags 0x10<ACK>; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed)
+TCP: [87.192.20.4]:2523 to [192.168.1.250]:80 tcpflags 0x10<ACK>; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed)
+TCP: [87.192.20.4]:2510 to [192.168.1.250]:80 tcpflags 0x10<ACK>; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed)
+TCP: [87.192.20.4]:2523 to [192.168.1.250]:80 tcpflags 0x10<ACK>; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed)
+TCP: [87.192.20.4]:2523 to [192.168.1.250]:80 tcpflags 0x10<ACK>; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed)
+TCP: [87.192.20.4]:2523 to [192.168.1.250]:80 tcpflags 0x10<ACK>; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed)
+TCP: [216.8.136.153]:23 to [192.168.1.250]:60379 tcpflags 0x18<PUSH,ACK>; tcp_do_segment: FIN_WAIT_2: Received 12 bytes of data after socket was closed, sending RST and removing tcpcb
+Connection attempt to UDP 192.168.1.250:23 from 192.168.1.250:58747
+TCP: [216.8.136.153]:23 to [192.168.1.250]:53360 tcpflags 0x18<PUSH,ACK>; tcp_do_segment: FIN_WAIT_2: Received 12 bytes of data after socket was closed, sending RST and removing tcpcb
+Connection attempt to UDP 192.168.1.250:23 from 192.168.1.250:61281
+TCP: [61.135.168.39]:53090 to [192.168.1.250]:80 tcpflags 0x4<RST>; syncache_chkrst: Spurious RST without matching syncache entry (possibly syncookie only), segment ignored
+TCP: [61.135.168.39]:53090 to [192.168.1.250]:80 tcpflags 0x4<RST>; syncache_chkrst: Spurious RST without matching syncache entry (possibly syncookie only), segment ignored
I'm not sure if 7.0 is just more verbose, or if the network stack is a bit wonky.

thoughts?
Reply With Quote
  #2   (View Single Post)  
Old 11th October 2008
phoenix's Avatar
phoenix phoenix is offline
Risen from the ashes
 
Join Date: May 2008
Posts: 699
Thanked 90 Times in 81 Posts
Default

Check the contents of the following sysctls on each system:
net.inet.icmp.log_redirect: 0
net.inet.tcp.log_in_vain: 0
net.inet.tcp.log_debug: 0
net.inet.udp.log_in_vain: 0

The log_in_vain ones will log everytime a packet is received for a port that nothing is listening on (like port 23).
__________________
Freddie

Help for FreeBSD: Handbook, FAQ, man pages, mailing lists.
Reply With Quote
  #3   (View Single Post)  
Old 11th October 2008
chavez243 chavez243 is offline
Fdisk Soldier
 
Join Date: May 2008
Location: Leamington, ON
Posts: 50
Thanked 2 Times in 2 Posts
Default

you are definitely onto something - I have log_in_vain enabled in rc.conf, seems much more verbose than in 6.3 though.

I'll disable and see what happens.

thx
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Flash in FBSD 7.2 Mantazz FreeBSD Ports and Packages 8 5th October 2009 05:37 AM
fbsd 7.2 and php5 baraboom FreeBSD Ports and Packages 2 9th July 2009 08:33 PM
dvb-t on FBSD? michaelrmgreen FreeBSD General 3 15th May 2009 10:43 AM
FBSD & Java DarkEnergy FreeBSD General 2 4th July 2008 03:50 AM
Eta Fbsd 7.1? michaelrmgreen FreeBSD General 7 7th June 2008 05:56 AM


All times are GMT. The time now is 08:00 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick