From owner-freebsd-security Sun Jul 23 15:59:14 2000 Delivered-To: freebsd-security@freebsd.org Received: from gndrsh.dnsmgr.net (GndRsh.dnsmgr.net [198.145.92.4]) by hub.freebsd.org (Postfix) with ESMTP id B263C37C368 for ; Sun, 23 Jul 2000 15:59:08 -0700 (PDT) (envelope-from freebsd@gndrsh.dnsmgr.net) Received: (from freebsd@localhost) by gndrsh.dnsmgr.net (8.9.3/8.9.3) id PAA46731; Sun, 23 Jul 2000 15:58:51 -0700 (PDT) (envelope-from freebsd) From: "Rodney W. Grimes" Message-Id: <200007232258.PAA46731@gndrsh.dnsmgr.net> Subject: Re: What does this mean and how do I stop it ? In-Reply-To: <4.2.2.20000723181947.04949220@mail.sentex.net> from Mike Tancsa at "Jul 23, 2000 06:22:04 pm" To: mike@sentex.net (Mike Tancsa) Date: Sun, 23 Jul 2000 15:58:51 -0700 (PDT) Cc: Stanley.Hopcroft@IPAustralia.Gov.AU (Stanley Hopcroft), security@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL54 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > At 08:56 AM 7/24/00 +1000, Stanley Hopcroft wrote: > >Dear Ladeis and Gentlemen, > > > >These entries appear frequently in the daily security report of a > >FreeBSD 4.0-RELEASE machine (Bind 8.2.x) > > > > > Connection attempt to UDP 127.0.0.1:2343 from 127.0.0.1:53 > > > >What do they mean and if they are not signs of bad things how can I get > >rid of them ? > > > It means a UDP packet from 127.0.0.1 port 53 got sent to 127.0.0.1 port > 2343, but nothing there was listening. If you want to disable it type, > sysctl net.inet.udp.log_in_vain=0 Hiding an error condition by not logging it does not make the error condition go away. Due to massive slow downs in high level (ie, root) nameservers the timeout's used by the libc resolver should be tweaked. On our mx machines we are seeing anyplace from 1/s to 20/s of these, and that means if we had only waited slightly longer we could have probably saved yet another packet from the internet. -- Rod Grimes - KD7CAX @ CN85sl - (RWG25) rgrimes@gndrsh.dnsmgr.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message