From owner-freebsd-security@FreeBSD.ORG  Wed Jul 19 09:02:22 2006
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
X-Original-To: freebsd-security@freebsd.org
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 4A7ED16A4DF
	for <freebsd-security@freebsd.org>;
	Wed, 19 Jul 2006 09:02:22 +0000 (UTC)
	(envelope-from d.m.pick@qmul.ac.uk)
Received: from mail2.qmul.ac.uk (mail2.qmul.ac.uk [138.37.6.6])
	by mx1.FreeBSD.org (Postfix) with ESMTP id D2A5D43D45
	for <freebsd-security@freebsd.org>;
	Wed, 19 Jul 2006 09:02:21 +0000 (GMT)
	(envelope-from d.m.pick@qmul.ac.uk)
Received: from xi.css.qmw.ac.uk ([138.37.8.11])
	by mail2.qmul.ac.uk with esmtp (Exim 4.43)
	id 1G37wh-0002VK-Oz; Wed, 19 Jul 2006 10:02:20 +0100
Received: from localhost ([127.0.0.1] helo=xi.css.qmw.ac.uk)
	by xi.css.qmw.ac.uk with esmtp (Exim 3.34 #1)
	id 1G37wh-000HMc-00; Wed, 19 Jul 2006 10:02:19 +0100
X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4
To: George Mamalakis <mamalos@lan.gr>
In-reply-to: Your message of "Wed, 19 Jul 2006 12:07:08 +0300."
	<20060719114613.N18979@ns1.lan.gr> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Wed, 19 Jul 2006 10:02:19 +0100
From: David Pick <d.m.pick@qmul.ac.uk>
Message-Id: <E1G37wh-000HMc-00@xi.css.qmw.ac.uk>
X-Sender-Host-Address: 138.37.8.11
X-QM-Scan-Virus: virusscan says the message is clean
X-QM-Scan-Virus: ClamAV says the message is clean
Cc: freebsd-security@freebsd.org
Subject: Re: UDP connection attempts 
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Jul 2006 09:02:22 -0000


I get similar messages to these:

> Jul 19 03:25:56 ns1 kernel: Connection attempt to UDP myexternaladdress:52299 from myexternaladdress:53
> Jul 19 09:33:11 ns1 kernel: Connection attempt to UDP myexternaladdress:52316 from myexternaladdress:53

occasionally when a DNS server takes a long time to respond because
a UDP "keep state" *has* to time out eventually, and if the configured
interval is less than the DNS server response time the returning DNS
response will not match any "kept" entry. Tuning the interval will
reduce the messages, and allow the response packets through, but it
will still happen *sometimes*.

-- 
	David Pick