A remote logging question and a general question

Post by Tim » Wed, 16 Jun 1999 04:00:00



I have two questions that I hope someone out there can help me with.

QUESTION ONE:

I have an Ascend P-50 router that I would like to have send logging info to
syslogd running on a FreeBSD box.  The Ascend web site had info on how to do
this as well as a section in the manual (yes, I do read the manual).

(The IP addresses are not the actual addresses, but examples.)
The router is 10.10.10.10
The FreeBSD with syslogd is 10.10.10.100

The P-50 was configured to enable logging, and send logging output to
10.10.10.100, the FreeBSD box with syslogd.
It sends the info to port 514, and I cannot control this in the router OS in
any case.
The log facility has possible values of local0 to local7.  Using local0 was
a problem because qpopper (the host also runs Sendmail) sends its logging
output to local0 and I want only log info from the router.  I chose local5.

On the FreeBSD side:

I touched /var/log/p50.log to create the log file.  The file has -rw-rw-rw-
1 root wheel for owners.

In rc.conf syslogd_flags was changed to "-a 10.10.10.10" to tell syslogd to
accept log info from the P-50 at the IP address given.  The Ascend docs
suggested -r to allow remote logging but man syslogd listed no -r option
and -a was the closest I could find.

syslog.conf has a line added:
local5.info     <tab>    /var/log/p50.log

Everything looks Ok but there is no logging info in the file.  Am I missing
something so obvious that when someone points it out I will hit my forehead
and say "duh"?

QUESTION TWO:

My second question has to do with Internet mischief.  Today I checked logs
and found fifteen attempted connections to port 7 from five separate IP
addresses, each from an ordered sequence of ports.  Take a look and you will
see what I mean.

Jun 15 09:15:05 firewall /kernel: Connection attempt to TCP x.x.x.x:7 from 207.239.35.71:45413
Jun 15 09:15:05 firewall /kernel: Connection attempt to TCP x.x.x.x:7 from 207.239.35.71:45414
Jun 15 09:15:05 firewall /kernel: Connection attempt to TCP x.x.x.x:7 from 208.32.211.71:56194
Jun 15 09:15:05 firewall /kernel: Connection attempt to TCP x.x.x.x:7 from 208.32.211.71:56195
Jun 15 09:15:05 firewall /kernel: Connection attempt to TCP x.x.x.x:7 from 199.95.208.85:39778
Jun 15 09:15:05 firewall /kernel: Connection attempt to TCP x.x.x.x:7 from 199.95.208.85:39779
Jun 15 09:15:05 firewall /kernel: Connection attempt to TCP x.x.x.x:7 from 199.95.208.85:39780
Jun 15 09:15:05 firewall /kernel: Connection attempt to TCP x.x.x.x:7 from 199.95.207.91:39008
Jun 15 09:15:05 firewall /kernel: Connection attempt to TCP x.x.x.x:7 from 199.95.207.91:39009
Jun 15 09:15:05 firewall /kernel: Connection attempt to TCP x.x.x.x:7 from 209.67.38.50:64523
Jun 15 09:15:05 firewall /kernel: Connection attempt to TCP x.x.x.x:7 from 209.67.38.50:64524
Jun 15 09:15:05 firewall /kernel: Connection attempt to TCP x.x.x.x:7 from 209.67.38.50:64525
Jun 15 09:15:05 firewall /kernel: Connection attempt to TCP x.x.x.x:7 from 209.67.38.50:64526
Jun 15 09:15:05 firewall /kernel: Connection attempt to TCP x.x.x.x:7 from 209.67.38.50:64527
Jun 15 09:15:05 firewall /kernel: Connection attempt to TCP x.x.x.x:7 from 209.67.38.50:64528

What are they trying/doing here?  I checked inetd.conf and echo is commented
out.  Is this a vulnerability I need to be aware of?  I checked bugtraq and
found references to ping-of-death attacks that used port 7.  Can that
explain what is happening here, and how can it work if I am not running
echo?????  The host is running FreeBSD 2.2.7.  Is my host being used to
mount a denial-of-service attack and how can I prevent this?

If you need more info, let me know.

Thanks for any help you might provide.
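
For QUESTION ONE, a way to check whether a sender's datagrams would be selected by the `local5.info` line is to decode the `<PRI>` value at the start of each UDP syslog message (facility * 8 + severity). This is an added example, not part of the original post: the datagrams are constructed rather than captured from a P-50, and the function names are hypothetical.

```python
import re

# Severity names in numeric order: 0 (emerg) is the most severe, 7 (debug) the least.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>")

def decode_pri(datagram):
    """Return (facility_code, severity_name, text) for a BSD syslog datagram."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:          # 23 * 8 + 7 is the largest valid PRI
        raise ValueError("no valid <PRI> header")
    facility, severity = divmod(int(m.group(1)), 8)
    return facility, SEVERITIES[severity], datagram[m.end():].decode("ascii", "replace")

def facility_name(code):
    """local0..local7 are facility codes 16..23; other codes are shown numerically."""
    return f"local{code - 16}" if 16 <= code <= 23 else f"facility{code}"

def selector_matches(selector, datagram):
    """True if a plain 'facility.level' selector (no wildcards) selects the datagram."""
    want_facility, want_level = selector.split(".")
    facility, severity, _ = decode_pri(datagram)
    # A plain level selects that severity and anything more severe (lower number).
    return (facility_name(facility) == want_facility
            and SEVERITIES.index(severity) <= SEVERITIES.index(want_level))

# Constructed sample datagrams (assumption: not real router output).
SAMPLES = [
    b"<174>constructed message at local5.info",    # 21 * 8 + 6
    b"<173>constructed message at local5.notice",  # 21 * 8 + 5
    b"<175>constructed message at local5.debug",   # 21 * 8 + 7
    b"<134>constructed message at local0.info",    # 16 * 8 + 6
]

if __name__ == "__main__":
    for raw in SAMPLES:
        fac, sev, text = decode_pri(raw)
        verdict = "selected" if selector_matches("local5.info", raw) else "not selected"
        print(f"{facility_name(fac)}.{sev:<7} {verdict:<13} {text}")
```

A message that arrives with a different facility, or at debug level, is not written by the `local5.info` line even when the datagram reaches syslogd.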
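
For QUESTION TWO, the kernel lines can be summarised by time, destination port and source address to make the pattern explicit. This is an added example, not part of the original post: the sample log is rebuilt from the fifteen posted entries, and the function and variable names are hypothetical.

```python
import re
from collections import defaultdict

# Kernel message format as it appears in the post.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ /kernel: Connection attempt to "
    r"TCP (?P<dst>\S+):(?P<dport>\d+) from (?P<src>[\d.]+):(?P<sport>\d+)$"
)

# The fifteen posted entries, as source address -> (first source port, count).
POSTED = {
    "207.239.35.71": (45413, 2),
    "208.32.211.71": (56194, 2),
    "199.95.208.85": (39778, 3),
    "199.95.207.91": (39008, 2),
    "209.67.38.50": (64523, 6),
}
TEMPLATE = "Jun 15 09:15:05 firewall /kernel: Connection attempt to TCP x.x.x.x:7 from {}:{}"
SAMPLE_LOG = "\n".join(
    TEMPLATE.format(ip, port)
    for ip, (first, count) in POSTED.items() for port in range(first, first + count)
)

def summarize(log_text):
    """Group attempts by (timestamp, destination port), then by source address."""
    bursts = defaultdict(lambda: defaultdict(list))
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # lines in any other format are ignored
            bursts[(m["ts"], int(m["dport"]))][m["src"]].append(int(m["sport"]))
    report = []
    for (ts, dport), sources in bursts.items():
        per_src = {}
        for src, ports in sources.items():
            ports.sort()
            # Consecutive source ports are consistent with one host opening
            # several connections back to back from its ephemeral port range.
            run = all(b - a == 1 for a, b in zip(ports, ports[1:]))
            per_src[src] = {"attempts": len(ports), "first": ports[0],
                            "last": ports[-1], "consecutive": run}
        report.append({"time": ts, "dport": dport, "sources": per_src,
                       "total": sum(s["attempts"] for s in per_src.values())})
    return report

if __name__ == "__main__":
    for burst in summarize(SAMPLE_LOG):
        print(burst["time"], "dst port", burst["dport"], "-", burst["total"], "attempts")
        for src, s in burst["sources"].items():
            print(f"  {src}: {s['attempts']} attempts, source ports {s['first']}-{s['last']}")
```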

 
 
 
