Gonzalo Garcia wrote: > > the reason of this is because you have at least one rule where in action you > a have put "user auth" or "client auth" or "session auth". or... its a connection attempt to the auth/ident service (TCP/113). This is used for process authentication by applications such as mail, IRC, FTP and Telnet servers. Check to see if the auth packet is preceded by a connection attempt to the source IP address for one of the above mentioned services. If so, this is normal. See RFCs 931 and 1413 for more details. HTH, Chris -- ************************************** cbrentonat_private find / -name \*yourbase\* -exec chown us:us {} \; --------------------------------------------------------------------- To unsubscribe, e-mail: loganalysis-unsubscribeat_private For additional commands, e-mail: loganalysis-helpat_private
This archive was generated by hypermail 2b30 : Mon Apr 29 2002 - 13:57:02 PDT