Date: Mon, 26 May 2003 13:32:55 -0300
From: Fernando Schapachnik <fernando@mecon.gov.ar>
To: freebsd-security@freebsd.org
Subject: sshd doing dns queries on localhost?
Message-ID: <20030526163255.GJ637@bal740r0.mecon.gov.ar>
Hi,

I noted on my 4.7 machines that when an ssh connection is made, the following PTR query happens (10.11.1.11 is the src address in the example):

13:23:21.120290 PUBLIC_IP.4523 > PUBLIC_IP.53: 52788+ PTR? 11.1.11.10.in-addr.arpa. (41)
13:23:21.120517 PUBLIC_IP.4524 > PUBLIC_IP.53: 52788+ PTR? 11.1.11.10.in-addr.arpa. (41)
13:23:21.120683 PUBLIC_IP.4525 > PUBLIC_IP.53: 52788+ PTR? 11.1.11.10.in-addr.arpa. (41)
13:23:21.120784 PUBLIC_IP.4526 > PUBLIC_IP.53: 52788+ PTR? 11.1.11.10.in-addr.arpa. (41)

This is very weird because resolv.conf points to another server. Also, the capture is from lo0.

Not that I see a security problem here (just the annoyance of this filling my log_in_vain logs), but I'm curious about the reason; at least I didn't find any clue looking at the source.

May 26 13:23:21 X /kernel: Connection attempt to UDP PUBLIC_IP:53 from PUBLIC_IP:4523
May 26 13:23:21 X /kernel: Connection attempt to UDP PUBLIC_IP:53 from PUBLIC_IP:4524
May 26 13:23:21 X /kernel: Connection attempt to UDP PUBLIC_IP:53 from PUBLIC_IP:4525
May 26 13:23:21 X /kernel: Connection attempt to UDP PUBLIC_IP:53 from PUBLIC_IP:4526

Thanks for any pointer!

Regards!

Fernando.
