From owner-freebsd-questions Wed Jan 5 17:58:20 2000 Delivered-To: freebsd-questions@freebsd.org Received: from freebie.lemis.com (freebie.lemis.com [192.109.197.137]) by hub.freebsd.org (Postfix) with ESMTP id 6C21614EB5 for ; Wed, 5 Jan 2000 17:58:14 -0800 (PST) (envelope-from grog@freebie.lemis.com) Received: (from grog@localhost) by freebie.lemis.com (8.9.3/8.9.0) id MAA68206; Thu, 6 Jan 2000 12:23:21 +1030 (CST) Date: Thu, 6 Jan 2000 12:23:21 +1030 From: Greg Lehey To: aunty Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Strange UDP messages Message-ID: <20000106122321.P30038@freebie.lemis.com> References: <20000106104533.A22061@comcen.com.au> <20000106114917.L30038@freebie.lemis.com> <20000106124145.D22061@comcen.com.au> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0pre2i In-Reply-To: <20000106124145.D22061@comcen.com.au> WWW-Home-Page: http://www.lemis.com/~grog X-PGP-Fingerprint: 6B 7B C3 8C 61 CD 54 AF 13 24 52 F8 6D A4 95 EF Organization: LEMIS, PO Box 460, Echunga SA 5153, Australia Phone: +61-8-8388-8286 Fax: +61-8-8388-8725 Mobile: +61-41-739-7062 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Thursday, 6 January 2000 at 12:41:45 +1100, aunty wrote: > On Thu, Jan 06, 2000 at 11:49:17AM +1030, Greg Lehey wrote: >> On Thursday, 6 January 2000 at 10:45:33 +1100, aunty wrote: >>> Any idea where to start looking for the cause of these? >> >> /etc/services. > > Hmm, I should have mentioned I'd checked the ports there and was stumped. > >>> Jan 6 10:36:08 hostname /kernel: Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:4553 >> >> biff 512/udp comsat #used by mail system to notify users >> # of new mail received; currently >> # receives messages only from >> # processes on the same machine > > OK, so it's biff. Now how do I stop it, or see what it's coming from, > or see any other evidence of it at all? Good question. Are you using sendmail? Or maybe it's mail.local that's doing this. > And why didn't it happen before the machine mysteriously rebooted > itself this morning? (This is 3.3-RELEASE with comsat disabled in > /etc/inetd.conf) Well, that's the reason. Disable comsat, and you won't be able to connect. >>> Jan 6 10:36:21 hostname /kernel: Connection attempt to UDP 127.0.0.1:4261 from 127.0.0.1:53 >> >> domain 53/udp #Domain Name Server >> >> It's not really clear to me why your name server should want to >> contact your local host, but maybe there's something in your config >> which could explain that. > > Again, I can't see evidence in the logs of this happening before this > morning's reboot. I did have 'nameserver 127.0.0.1' in > /etc/resolv.conf. Removing that line and sending a SIGHUP to named > didn't affect the error messages. No, this is named trying to contact your system. Again, I'm puzzled as to why. On the whole, this is pretty harmless stuff; about the biggest problem is that you might fill up your log file. You should be able to turn these messages off with # sysctl -w net.inet.tcp.log_in_vain=0 Greg -- When replying to this message, please copy the original recipients. For more information, see http://www.lemis.com/questions.html Finger grog@lemis.com for PGP public key See complete headers for address and phone numbers To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message