> Message #1:
> securityalert: tcp from XX.XX.XX.XX:2315 to YY.YY.YY.YY
> *******************************************************
> on unserved port 113
> ********************
[snip]
> not appear, netperm says that port 113 is on a LISTEN
> status. We're sure that we didn't run any daemon on the
> Gauntlet to use port 113.
Gauntlet is equipped with something like Klaxon(hi Doug!) which lets you
know when someone 'touches' a port that doesn't have anything running on
it--this way you can tell if you're being port scanned.
In this case, if you're not running identd, then Gauntlet will let you
know that someone tried to connect to your auth port. No big deal.
> wall, what should we do so that they won't appear in
> the log file anymore?
Use grep -v?
> Message #2:
> fwtkcfgerr: Policy policy-inside has no permit-proxy
> ****************************************************
> line for http-gw
> ****************
You might want to add the following to your netperm:
*: permit-hosts (internal network) -policy inside
*: deny-hosts (external network) -policy outside
Let me know if that does it.
> Why is this happenning? We really can't figure it
Odd way of parsing the netperm table.
Ben.
____
Ben Samman .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
ben @
edelweb .
fr
Paris, France Illudium Q36 Explosive Space Modulator
References:
|
|
