Date:      Thu, 2 Dec 2004 16:55:28 +0100
From:      Christian Hiris <4711@chello.at>
To:        freebsd-questions@freebsd.org
Cc:        Jonathon McKitrick <jcm@freebsd-uk.eu.org>
Subject:   Re: Why these connections from 127.0.0.1?
Message-ID:  <200412021656.01136.4711@chello.at>
In-Reply-To: <20041202140601.GA53089@dogma.freebsd-uk.eu.org>
References:  <20041202123606.GA50028@dogma.freebsd-uk.eu.org> <20041202094853.Q66254@cactus.fi.uba.ar> <20041202140601.GA53089@dogma.freebsd-uk.eu.org>


On Thursday 02 December 2004 15:06, Jonathon McKitrick wrote:
> On Thu, Dec 02, 2004 at 09:50:51AM -0300, Fernando Gleiser wrote:
> : On Thu, 2 Dec 2004, Jonathon McKitrick wrote:
> : > I'm trying to figure out why these messages are showing up:
> : >
> : > neptune kernel log messages:
> : > > Connection attempt to TCP 127.0.0.1:113 from 127.0.0.1:3746
> : > > flags:0x02 Connection attempt to TCP 127.0.0.1:113 from
> : > > 127.0.0.1:2058 flags:0x02 Connection attempt to UDP 127.0.0.1:512
> : > > from 127.0.0.1:4293
> : > > Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:4864
> : > > Connection attempt to TCP 127.0.0.1:113 from 127.0.0.1:1972
> : > > flags:0x02 Connection attempt to UDP 127.0.0.1:512 from
> : > > 127.0.0.1:3859
> : >
> : > I thought my firewall was allowing loopback traffic.
> :
> : They look like "log in vain" entries. Do you have log in vain enabled?
>
> I believe so.
>
> : 113/tcp is identd and 512/udp is biff. My guess is your mail system is
> : generating those requests and log in vain logs them.
>
> Should I disable log-in-vain or somehow allow these through?

The log-in-vain sysctl only controls logging behavior; it has no influence on
how the packets are handled.

Rejecting the identd packets or running an identd server might speed up your
mail services. It's possible that a mail service like SMTP waits until it gets
a reply from your identd service. In the worst case it waits until the network
timeout is reached. This probably depends on your blackhole(4) sysctl
settings.

For how to run several types of identd services, see /etc/inetd.conf - look out
for the predefined "auth" services - and 'man 8 inetd'. Or simply reject the
connection requests with your firewall by sending a RST; discarding the packet
is not sufficient in this case.

AFAIK SMTP servers try to gain some information (like username and
system name) from a client system via identd. So if you decide to enable
identd, better check your mail headers afterwards.

I never run comsat/biff, so I can't tell you much about it. 'man 8 comsat' and
'man 1 biff' are your friends.

-- 
Christian Hiris <4711@chello.at> | OpenPGP KeyID 0x3BCA53BE 
OpenPGP-Key at hkp://wwwkeys.eu.pgp.net and http://pgp.mit.edu
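
A triage sketch for the kernel messages quoted in this thread, added here as an example and not part of the original e-mail: it parses log-in-vain lines in the format shown above, decodes the TCP flags byte (0x02 is SYN), and groups attempts by destination port so loopback-only noise such as the identd and biff lookups stands apart from remote probes. The function names and the sample lines (including the 192.0.2.10 entry) are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the format quoted in the thread, one message per line.
SAMPLE_LOG = """\
Connection attempt to TCP 127.0.0.1:113 from 127.0.0.1:3746 flags:0x02
Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:4293
Connection attempt to TCP 127.0.0.1:113 from 127.0.0.1:2058 flags:0x02
Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:4864
Connection attempt to TCP 192.0.2.10:23 from 198.51.100.7:40112 flags:0x02
"""

# Whitespace is matched loosely so messages re-wrapped by a mail client still parse.
LINE_RE = re.compile(
    r"Connection\s+attempt\s+to\s+(TCP|UDP)\s+(\S+):(\d+)\s+from\s+(\S+):(\d+)"
    r"(?:\s+flags:0x([0-9a-fA-F]+))?"
)
TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]
# Only the two services identified in the thread; anything else is "unknown".
SERVICES = {("TCP", 113): "identd (auth)", ("UDP", 512): "comsat/biff"}


def is_loopback(addr):
    return ipaddress.ip_address(addr.strip("[]")).is_loopback


def parse(text):
    """Return one dict per log-in-vain message found in text."""
    events = []
    for proto, dst, dport, src, sport, flags in LINE_RE.findall(text):
        bits = int(flags, 16) if flags else 0  # UDP messages carry no flags
        events.append({
            "proto": proto, "dst": dst, "dport": int(dport),
            "src": src, "sport": int(sport),
            "flags": [name for bit, name in TCP_FLAGS if bits & bit],
            "local": is_loopback(src) and is_loopback(dst),
        })
    return events


def summarize(events):
    """Group by (proto, destination port): count, service, loopback-only?"""
    out = {}
    for e in events:
        key = (e["proto"], e["dport"])
        row = out.setdefault(key, {"count": 0, "local_only": True,
                                   "service": SERVICES.get(key, "unknown")})
        row["count"] += 1
        row["local_only"] = row["local_only"] and e["local"]
    return out
```

Feeding it the relevant lines of the system log and sorting the result by `local_only` separates a local service lookup with no listener from an unsolicited remote connection attempt.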