Date: Thu, 6 Jan 2000 12:41:45 +1100 From: aunty <aunty@comcen.com.au> To: Greg Lehey <grog@lemis.com> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Strange UDP messages Message-ID: <20000106124145.D22061@comcen.com.au> In-Reply-To: <20000106114917.L30038@freebie.lemis.com> References: <20000106104533.A22061@comcen.com.au> <20000106114917.L30038@freebie.lemis.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Jan 06, 2000 at 11:49:17AM +1030, Greg Lehey wrote:
> On Thursday, 6 January 2000 at 10:45:33 +1100, aunty wrote:
> > Any idea where to start looking for the cause of these?
>
> /etc/services.
Hmm, I should have mentioned I'd checked the ports there and was stumped.
> > Jan 6 10:35:49 hostname /kernel: Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:4376
> > Jan 6 10:35:51 hostname /kernel: Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:4391
> > Jan 6 10:35:55 hostname /kernel: Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:4442
> > Jan 6 10:36:03 hostname /kernel: Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:4510
> > Jan 6 10:36:08 hostname /kernel: Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:4553
>
> biff 512/udp comsat #used by mail system to notify users
> # of new mail received; currently
> # receives messages only from
> # processes on the same machine
OK, so it's biff. Now how do I stop it, or see what it's coming from,
or see any other evidence of it at all? And why didn't it happen before
the machine mysteriously rebooted itself this morning?
(This is 3.3-RELEASE with comsat disabled in /etc/inetd.conf)
> > Jan 6 10:36:16 hostname /kernel: Connection attempt to UDP 127.0.0.1:4256 from 127.0.0.1:53
> > Jan 6 10:36:17 hostname /kernel: Connection attempt to UDP 127.0.0.1:4258 from 127.0.0.1:53
> > Jan 6 10:36:21 hostname /kernel: Connection attempt to UDP 127.0.0.1:4261 from 127.0.0.1:53
>
> domain 53/udp #Domain Name Server
>
> It's not really clear to me why your name server should want to
> contact your local host, but maybe there's something in your config
> which could explain that.
Again, I can't see evidence in the logs of this happening before this
morning's reboot. I did have 'nameserver 127.0.0.1' in
/etc/resolv.conf. Removing that line and sending a SIGHUP to named
didn't affect the error messages.
Where to next?
--
Regards,
-*Sue*-
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000106124145.D22061>