From owner-freebsd-security Tue Jun 15 12:45:35 1999 Delivered-To: freebsd-security@freebsd.org Received: from mta1-rme.xtra.co.nz (unknown [203.96.92.1]) by hub.freebsd.org (Postfix) with ESMTP id 7671D15602 for ; Tue, 15 Jun 1999 12:45:32 -0700 (PDT) (envelope-from junkmale@pop3.xtra.co.nz) Received: from wocker ([210.55.152.36]) by mta1-rme.xtra.co.nz (InterMail v04.00.02.07 201-227-108) with SMTP id <19990615194828.ZOVN93999.mta1-rme@wocker> for ; Wed, 16 Jun 1999 07:48:28 +1200 From: "Dan Langille" Organization: The FreeBSD Diary To: security@freebsd.org Date: Wed, 16 Jun 1999 07:45:31 +1200 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: named timeouts Reply-To: junkmale@xtra.co.nz X-mailer: Pegasus Mail for Win32 (v3.01d) Message-Id: <19990615194828.ZOVN93999.mta1-rme@wocker> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On my main machine, which is also running named, the daily security check always has lots of these types of entries. Typically there are about 50 a day. I think it's because a dns request has been started, but by the time the reply arrives, the firewall has terminated that port connection (I'm running ipfilter). Would it make sense to slightly increase the time such connections are held to see if the nummber of such log entries decreases? If so, how? cheers. > Connection attempt to UDP 127.0.0.1:3282 from 127.0.0.1:53 > Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:3363 > Connection attempt to UDP 127.0.0.1:3373 from 127.0.0.1:53 > Connection attempt to UDP 127.0.0.1:3378 from 127.0.0.1:53 > Connection attempt to UDP 127.0.0.1:3380 from 127.0.0.1:53 -- Dan Langille - DVL Software Limited The FreeBSD Diary - http://www.FreeBSDDiary.org/freebsd/ NZ FreeBSD User Group - http://www.nzfug.nz.freebsd.org/ The Racing System - http://www.racingsystem.com/racingsystem.htm To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message