From owner-freebsd-questions Wed Jan 5 17:44:53 2000 Delivered-To: freebsd-questions@freebsd.org Received: from sblake.comcen.com.au (sblake.comcen.com.au [203.23.236.144]) by hub.freebsd.org (Postfix) with ESMTP id 0EB8614E55 for ; Wed, 5 Jan 2000 17:44:40 -0800 (PST) (envelope-from aunty@sblake.comcen.com.au) Received: (from aunty@localhost) by sblake.comcen.com.au (8.9.3/8.9.3) id MAA23319; Thu, 6 Jan 2000 12:41:45 +1100 (EST) (envelope-from aunty) Date: Thu, 6 Jan 2000 12:41:45 +1100 From: aunty To: Greg Lehey Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Strange UDP messages Message-ID: <20000106124145.D22061@comcen.com.au> References: <20000106104533.A22061@comcen.com.au> <20000106114917.L30038@freebie.lemis.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0pre2i In-Reply-To: <20000106114917.L30038@freebie.lemis.com> Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Thu, Jan 06, 2000 at 11:49:17AM +1030, Greg Lehey wrote: > On Thursday, 6 January 2000 at 10:45:33 +1100, aunty wrote: > > Any idea where to start looking for the cause of these? > > /etc/services. Hmm, I should have mentioned I'd checked the ports there and was stumped. > > Jan 6 10:35:49 hostname /kernel: Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:4376 > > Jan 6 10:35:51 hostname /kernel: Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:4391 > > Jan 6 10:35:55 hostname /kernel: Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:4442 > > Jan 6 10:36:03 hostname /kernel: Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:4510 > > Jan 6 10:36:08 hostname /kernel: Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:4553 > > biff 512/udp comsat #used by mail system to notify users > # of new mail received; currently > # receives messages only from > # processes on the same machine OK, so it's biff. Now how do I stop it, or see what it's coming from, or see any other evidence of it at all? And why didn't it happen before the machine mysteriously rebooted itself this morning? (This is 3.3-RELEASE with comsat disabled in /etc/inetd.conf) > > Jan 6 10:36:16 hostname /kernel: Connection attempt to UDP 127.0.0.1:4256 from 127.0.0.1:53 > > Jan 6 10:36:17 hostname /kernel: Connection attempt to UDP 127.0.0.1:4258 from 127.0.0.1:53 > > Jan 6 10:36:21 hostname /kernel: Connection attempt to UDP 127.0.0.1:4261 from 127.0.0.1:53 > > domain 53/udp #Domain Name Server > > It's not really clear to me why your name server should want to > contact your local host, but maybe there's something in your config > which could explain that. Again, I can't see evidence in the logs of this happening before this morning's reboot. I did have 'nameserver 127.0.0.1' in /etc/resolv.conf. Removing that line and sending a SIGHUP to named didn't affect the error messages. Where to next? -- Regards, -*Sue*- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message