Hi, I'm running a small local net, masqueraded behind one linuxbox, extra. Earlier today, it seems I got portscanned (judging from the logs).
Tcplogd (afaik part of Wietse Venema's tcp_wrapper), which is installed with Debian by default, logged the attempts nicely, but the logs also show this:

[--- a lot of scans deleted ---]
May 4 10:19:02 extra tcplogd: port 12 connection attempt from [EMAIL PROTECTED] [xxx.xxx.xxx.xxx]
May 4 10:19:02 extra tcplogd: netstat connection attempt from [EMAIL PROTECTED] [xxx.xxx.xxx.xxx]
May 4 10:20:53 extra kernel:
May 4 10:21:41 extra kernel: Out of memory for tcplogd.
May 4 10:22:42 extra sshd[187]: log: Generating new 768 bit RSA key.
May 4 10:24:30 extra /USR/SBIN/CRON[8088]: (root) CMD (test -f /proc/modules && /sbin/rmmod -a)
May 4 10:21:21 extra tcplogd: ssh connection attempt from [EMAIL PROTECTED] [xxx.xxx.xxx.xxx]
May 4 10:27:35 extra kernel:
May 4 10:33:53 extra kernel: Out of memory for tcplogd.

After this, my dhcpcd client & my sshd client crashed (doesn't show up in the logs, but I noticed when I came home). Strangely, the telnetd was still running (luckily).

The system is a 486dx50 with 8 megs ram. I know this is not too heavy a system, but with no users & only having to pass on packets, this shouldn't be happening, or am I wrong? Maybe someone has some pointers on how to tune my system?

--nico

--:: Nico Galoppo ::--------------------------------------------------
--:: scratch at ace.ulyssis.student.kuleuven.ac.be ::-----------------
  ::                                                                ::
--:::::::::::::::::::::::::: Linux - Free power for the masses :::::::