From owner-freebsd-security Mon Feb 17 18:18: 5 2003
Date: Mon, 17 Feb 2003 20:17:57 -0600
Message-ID: <873cmmpc16.wl@bemidji.meridian-enviro.com>
From: "Douglas K. Rand"
To: freebsd-security@freebsd.org, freebsd-ports@freebsd.org
Subject: FireDNS and net.inet.udp.log_in_vain

I've been playing with MessageWall on one of our systems, and I
noticed that we've been getting a lot of messages like:

    Connection attempt to UDP : from :53

in our logs. I have log_in_vain="YES" in my /etc/rc.conf, which sets:

    net.inet.tcp.log_in_vain: 1
    net.inet.udp.log_in_vain: 1

After a little work with tcpdump, these are queries of the black hole
lists (openrbl.org) that MessageWall does. For speed (and security?),
MessageWall uses the FireDNS library to do DNS queries. After a little
more digging, I found that I can reproduce these messages by using the
fdnsip command that comes with FireDNS. Everything seems to work just
fine, the queries work, and return what you expect.

It seems that I can virtually eliminate these messages by removing all
but one host from my /etc/resolv.conf, not a solution that I'm keen
on.

Has anybody else noticed this, and is there a solution other than
"Ignore those log messages" or "Unset net.inet.udp.log_in_vain"? (Both
of these solutions /are/ fairly reasonable.)

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Mon Feb 17 19:36:28 2003
Date: Mon, 17 Feb 2003 21:35:49 -0600
Message-ID: <871y26p8fe.wl@bemidji.meridian-enviro.com>
From: "Douglas K. Rand"
To: Kris Kennaway
Cc: freebsd-security@FreeBSD.ORG, freebsd-ports@FreeBSD.ORG
Subject: Re: FireDNS and net.inet.udp.log_in_vain
In-Reply-To: <20030218032338.GA32867@rot13.obsecurity.org>

Doug> Has anybody else noticed this, and is there a solution other
Doug> than "Ignore those log messages" or "Unset
Doug> net.inet.udp.log_in_vain"? (Both of these solutions /are/ fairly
Doug> reasonable.)

Kris> log_in_vain means "log all connection attempts". And that's
Kris> precisely what it's doing :-) Turn it off or filter it if you
Kris> don't actually want to see ALL connection attempts.

I hate to be contrary, but.... That's not what /etc/defaults/rc.conf
says:

    log_in_vain="0" # >=1 to log connects to ports w/o listeners.

And that isn't what happens, either. When I ssh into the box, I don't
get a message, when NTP stuff happens, no log messages.
It really only seems to be when a connection happens to a port not
listening:

    $ telnet localhost 25
        works, connects to the SMTP server without a message
    $ telnet localhost 250
        doesn't work, but produces a "Connection attempt" message

From owner-freebsd-security Mon Feb 17 20:55:17 2003
Date: Mon, 17 Feb 2003 23:55:10 -0500
From: Scott Lambert
To: freebsd-security@FreeBSD.ORG
Subject: Re: FireDNS and net.inet.udp.log_in_vain
Message-ID: <20030218045510.GC44928@laptop.lambertfam.org>
In-Reply-To: <871y26p8fe.wl@bemidji.meridian-enviro.com>

On Mon, Feb 17, 2003 at 09:35:49PM -0600, Douglas K. Rand wrote:
> Doug> Has anybody else noticed this, and is there a solution other
> Doug> than "Ignore those log messages" or "Unset
> Doug> net.inet.udp.log_in_vain"? (Both of these solutions /are/ fairly
> Doug> reasonable.)
>
> Kris> log_in_vain means "log all connection attempts". And that's
> Kris> precisely what it's doing :-) Turn it off or filter it if you
> Kris> don't actually want to see ALL connection attempts.
>
> I hate to be contrary, but.... That's not what /etc/defaults/rc.conf
> says:
>
> log_in_vain="0" # >=1 to log connects to ports w/o listeners.

blah, blah, blah

FireDNS may be kicking off a DNS query to each of the name servers
listed in your /etc/resolv.conf. Then it stops listening for other
responses when the first response is heard. Therefore the port(s) that
were used for the other initial DNS quer(y|ies) are closed by the time
the DNS servers actually respond.

This can happen if the DNS server responds after the resolver has
timed out. Which could also be the case in your situation. This
happens regularly when your link to the DNS server is full when you
submit the query.

If you don't like to see them, filter syslog lines for connection
attempts originating from any of your name servers on port 53.

-- 
Scott Lambert KC5MLE Unix SysAdmin
lambert@lambertfam.org

From owner-freebsd-security Mon Feb 17 21: 4:40 2003
Subject: Re: FireDNS and net.inet.udp.log_in_vain
From: Andrew Thompson
To: "Douglas K. Rand"
Cc: freebsd-security@freebsd.org, freebsd-ports@freebsd.org
In-Reply-To: <873cmmpc16.wl@bemidji.meridian-enviro.com>
Message-Id: <1045544795.19726.3.camel@sambo.fud.org.nz>
Date: 18 Feb 2003 18:06:35 +1300

On Tue, 2003-02-18 at 15:17, Douglas K. Rand wrote:
> I've been playing with MessageWall on one of our systems, and I
> noticed that we've been getting a lot of messages like:
>
> Connection attempt to UDP : from :53
>
> in our logs. I have log_in_vain="YES" in my /etc/rc.conf, which sets:
>
> net.inet.tcp.log_in_vain: 1
> net.inet.udp.log_in_vain: 1
>
> Has anybody else noticed this, and is there a solution other than
> "Ignore those log messages" or "Unset net.inet.udp.log_in_vain"? (Both
> of these solutions /are/ fairly reasonable.)
>

I believe this is caused when the dns server is slow/overloaded, the
resolver queries the server but the packet arrives back after the local
port is closed.

Andy

From owner-freebsd-security Tue Feb 18 13:46:39 2003
From: "Brad Holman"
Subject: re: ipfw ecn issue(s)
Date: Tue, 18 Feb 2003 15:46:36 -0600

According to the REL notes for v5.0R
(http://www.freebsd.org/releases/5.0R/DP1/relnotes-i386.html), there
is a fix incorporated for the issue:

"ipfw(4) now filters correctly in the presence of ECN bits in TCP
segments."

Is there a patch for version 4.x that can fix the problem without
having to upgrade?

Brad
Technical Support
S4F, Inc.
918.524.1010
support@s4f.com

** We are proud to introduce the S4F FilterCube hardware filtering
solution. Call our sales dept. today for details. **

From owner-freebsd-security Tue Feb 18 14: 5:13 2003
From: "Mark Johnston"
To: "'Brad Holman'"
Subject: Re: ipfw ecn issue(s)
Date: Tue, 18 Feb 2003 16:09:54 -0600
Message-ID: <002701c2d79a$77def0f0$be0fa8c0@MJOHNSTON>

Brad Holman wrote:
> According to the REL notes for v5.0R
> (http://www.freebsd.org/releases/5.0R/DP1/relnotes-i386.html), there
> is a fix incorporated for the issue:
>
> "ipfw(4) now filters correctly in the presence of ECN bits in TCP
> segments."
>
> Is there a patch for version 4.x that can fix the problem without
> having to upgrade?

It looks like ipfw's ECN handling was fixed in 4-STABLE (and RELENG_3)
back in January 2001, with rev 1.131.2.11 to RELENG_4. If you're using
STABLE (or any 4.x) from after January 2001, you should be OK. You can
also tell that the bug fix was merged to 4.x by the "[MERGED]" text in
the release notes.

If you're running something older than January 2001, you may be able to
come up with your own patch; check
http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/ip_fw.c,
revision 1.131.2.11, for the changes.

Mark

From owner-freebsd-security Wed Feb 19 7:26:23 2003
Date: Wed, 19 Feb 2003 09:25:39 -0600
From: "Jacques A. Vidrine"
To: freebsd-security@FreeBSD.org
Subject: Fwd: [[ANNOUNCE] OpenSSL 0.9.7a and 0.9.6i released]
Message-ID: <20030219152539.GH38768@madman.celabo.org>

Hi Folks,

Nothing extremely critical here, but I will be importing the new
versions into -CURRENT, -STABLE, and the security branches over the
next few days. A FreeBSD advisory will follow the import.

Cheers,
-- 
Jacques A. Vidrine http://www.celabo.org/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se

----- Forwarded message from Richard Levitte - VMS Whacker -----

Date: Wed, 19 Feb 2003 14:43:57 +0100 (CET)
From: Richard Levitte - VMS Whacker
To: openssl-announce@openssl.org, openssl-users@openssl.org,
    openssl-dev@openssl.org, coderpunks@toad.com,
    cypherpunks@www.dough.org, cryptography@wasabisystems.com,
    INFO-VAX@MVB.SAIC.COM, INFO-WASD@VSM.COM.AU,
    VMS-SSH@ALPHA.SGGW.WAW.PL, vms-web-daemon@KJSL.COM
Subject: [ANNOUNCE] OpenSSL 0.9.7a and 0.9.6i released
Message-Id: <20030219.144357.82990169.levitte@openssl.org>
Reply-To: openssl-dev@openssl.org

-----BEGIN PGP SIGNED MESSAGE-----

OpenSSL version 0.9.7a and 0.9.6i released
==========================================

OpenSSL - The Open Source toolkit for SSL/TLS
http://www.openssl.org/

The OpenSSL project team is pleased to announce the release of version
0.9.7a of our open source toolkit for SSL/TLS. This new OpenSSL version
is a security and bugfix release and incorporates at least 11 changes
and bugfixes to the toolkit (for a complete list see
http://www.openssl.org/source/exp/CHANGES).

We also release 0.9.6i, which contains the same security bugfix as
0.9.7a and a few more small bugfixes compared to 0.9.6h.

The most significant changes are:

    o Security: Important security related bugfixes. [0.9.7a and 0.9.6i]
    o Enhanced compatibility with MIT Kerberos. [0.9.7a]
    o Can be built without the ENGINE framework. [0.9.7a]
    o IA32 assembler enhancements. [0.9.7a]
    o Support for new platforms: FreeBSD/IA64 and FreeBSD/Sparc64. [0.9.7a]
    o Configuration: the no-err option now works properly. [0.9.7a]
    o SSL/TLS: now handles manual certificate chain building. [0.9.7a]
    o SSL/TLS: certain session ID malfunctions corrected. [0.9.7a]

We consider OpenSSL 0.9.7a to be the best version of OpenSSL available
and we strongly recommend that users of older versions upgrade as soon
as possible.
OpenSSL 0.9.7a is available for download via HTTP and FTP from the
following master locations (you can find the various FTP mirrors under
http://www.openssl.org/source/mirror.html):

    o http://www.openssl.org/source/
    o ftp://ftp.openssl.org/source/

For those who want or have to stay with the 0.9.6 series of OpenSSL,
we strongly recommend that you upgrade to OpenSSL 0.9.6i as soon as
possible. It's available in the same location as 0.9.7a.

The distribution file name is:

    o openssl-0.9.7a.tar.gz [normal]
      MD5 checksum: a0d3203ecf10989fdc61c784ae82e531
    o openssl-0.9.6i.tar.gz [normal]
      MD5 checksum: 9c4db437c17e0b6412c5e4645b6fcf5c
    o openssl-engine-0.9.6i.tar.gz [engine]
      MD5 checksum: c9adc0596c630b31b999eba32fc0a6b3

The checksums were calculated using the following command:

    openssl md5 < openssl-0.9.7a.tar.gz
    openssl md5 < openssl-0.9.6i.tar.gz
    openssl md5 < openssl-engine-0.9.6i.tar.gz

Yours,
The OpenSSL Project Team...

    Mark J. Cox             Ben Laurie          Andy Polyakov
    Ralf S. Engelschall     Richard Levitte     Geoff Thorpe
    Dr. Stephen Henson      Bodo Möller         Lutz Jänicke
    Ulf Möller

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majordomo@openssl.org

----- End forwarded message -----

From owner-freebsd-security Sat Feb 22 9: 8:48 2003
Date: Sat, 22 Feb 2003 12:10:54 -0500
From: Alexander Anderson
To: freebsd-security@FreeBSD.ORG, freebsd-ports@FreeBSD.ORG
Subject: Re: FireDNS and net.inet.udp.log_in_vain
Message-ID: <20030222171054.GA97944@dusty.upful.org>
In-Reply-To: <1045544795.19726.3.camel@sambo.fud.org.nz>

> > Connection attempt to UDP : from
> > :53
>
> I believe this is caused when the dns server is slow/overloaded, the
> resolver queries the server but the packet arrives back after the local
> port is closed.

Is there any way to set up a rule in IPFW to drop such packets? Or, as
a workaround, is there a way to set up syslog to ignore these
"connection attempts"?
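
The syslog filter Scott Lambert suggests earlier in this thread, as an added example that is not part of any list message: it drops only the log_in_vain lines whose source is port 53 of a nameserver listed in resolv.conf and passes everything else. The addresses, the host name "mx" and the log lines are constructed, and the example assumes the two fields left blank in the quoted message are written as address:port.

```sh
#!/bin/sh
# Added example, not from the thread. Removes the log_in_vain lines that late
# DNS replies produce: UDP "connection attempts" whose source is port 53 of a
# nameserver listed in resolv.conf. Every other line passes through unchanged.

# filter_dns_in_vain RESOLV_CONF [LOGFILE]   (reads stdin without LOGFILE)
filter_dns_in_vain() {
    resolv=$1
    shift
    awk -v resolv="$resolv" '
        BEGIN {
            # Collect the address from each "nameserver <addr>" line.
            while ((getline line < resolv) > 0) {
                n = split(line, f, " ")
                if (n >= 2 && f[1] == "nameserver") ns[f[2]] = 1
            }
            close(resolv)
        }
        {
            i = index($0, "Connection attempt to UDP ")
            if (i > 0) {
                # Words: Connection attempt to UDP <local> from <source>
                n = split(substr($0, i), w, " ")
                src = w[7]
                if (n == 7 && w[6] == "from" && sub(/:53$/, "", src)) {
                    gsub(/^\[|\]$/, "", src)   # allow a bracketed address
                    if (src in ns) next        # late reply from our resolver
                }
            }
            print
        }
    ' "$@"
}

# Constructed sample data (documentation addresses, hypothetical host "mx").
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'search example.test' 'nameserver 192.0.2.53' \
        'nameserver 198.51.100.53' > "$d/resolv.conf"
    cat > "$d/messages" <<'EOF'
Feb 17 20:01:02 mx /kernel: Connection attempt to UDP 192.0.2.10:1045 from 198.51.100.53:53
Feb 17 20:01:03 mx /kernel: Connection attempt to UDP 192.0.2.10:1046 from 203.0.113.9:53
Feb 17 20:01:04 mx /kernel: Connection attempt to TCP 192.0.2.10:250 from 192.0.2.77:4312
Feb 17 20:01:05 mx /kernel: Connection attempt to UDP 192.0.2.10:1047 from 192.0.2.53:5353
Feb 17 20:01:06 mx sshd[411]: Accepted publickey for admin from 192.0.2.77 port 4313
EOF
    filter_dns_in_vain "$d/resolv.conf" "$d/messages"
    rc=$?
    rm -rf "$d"
    return "$rc"
}

demo
```

Only the first sample line is removed: port 53 traffic from a host that is not a configured nameserver, a nameserver sending from another port, and TCP attempts all stay in the output.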