From: Mark Martinec
To: freebsd-stable@freebsd.org
Date: Thu, 02 Feb 2017 19:55:16 +0100
Subject: net.inet.udp.log_in_vain strange syslog reports
Organization: Jozef Stefan Institute

11.0-RELEASE-p7, net.inet.udp.log_in_vain=1

The following syslog entries seem to indicate some buffer overruns
in the reporting code (not all log lines are broken, just some).
(the actual failed connection attempts were indeed there, it's just
that the reported IP address is highly suspicious)

Mark

Connection attempt to UDP 193.2.4.2:53 from 95.87.1521242:26375
Connection attempt to UDP 193.2.4.2:53 from 95.87.1521242:55806
Connection attempt to UDP 193.2.4.2:53 from 95.823154.242:54530
Connection attempt to UDP 193.2.4.2:53 from 95.823154.242:55504
Connection attempt to UDP 193.2.4.2:53 from 95.823154.242:54530
Connection attempt to UDP 193.2.4.2:53 from 95.823154.242:49526
Connection attempt to UDP 193.2.4.2:53 from 95.8231520242:56838
Connection attempt to UDP 193.2.4.2:53 from 95.8231520242:32768
Connection attempt to UDP 193.2.4.2:53 from 95.8241523242:5387
Connection attempt to UDP 193.2.4.2:53 from 95.8241523242:54530
Connection attempt to UDP 193.2.4.2:53 from 21.823154.242:46692
Connection attempt to UDP 193.2.4.2:53 from 21.823154.242:32768
Connection attempt to UDP 193.2.4.2:53 from 19387.154.242:51931
Connection attempt to UDP 193.2.4.2:53 from 19387.154.242:59881
Connection attempt to UDP 193.2.4.2:53 from 212873154.242:53424
Connection attempt to UDP 193.2.4.2:53 from 212873154.242:53937
Connection attempt to UDP 193.2.4.2:53 from 19387.1587242:46692
Connection attempt to UDP 193.2.4.2:53 from 19387.1587242:52594
Connection attempt to UDP 193.2.4.2:53 from 19387.1587242:59639
Connection attempt to UDP 193.2.4.2:53 from 19387.1587242:50869
Connection attempt to UDP 193.2.4.2:53 from 19382.1587242:55806
Connection attempt to UDP 193.2.4.2:53 from 19382.1587242:54650
Connection attempt to UDP 193.2.4.2:53 from 95.824154.242:54322
Connection attempt to UDP 193.2.4.2:53 from 95.824154.242:49871
Connection attempt to UDP 193.2.4.2:53 from 95.824154.242:57807
Connection attempt to UDP 193.2.4.2:53 from 95.824154.242:51931
Connection attempt to UDP 193.2.4.2:53 from 95.823154.242:52930
Connection attempt to UDP 193.2.4.2:53 from 95.823154.242:50869
Connection attempt to UDP 193.2.4.2:53 from 212823152.242:56838
Connection attempt to UDP 193.2.4.2:53 from 212823152.242:32768
Connection attempt to UDP 193.2.4.2:53 from 21.8231521242:63724
Connection attempt to UDP 193.2.4.2:53 from 21.8231521242:55222
Connection attempt to UDP 193.2.4.2:53 from 1948249.230.46:52599
Connection attempt to UDP 193.2.4.2:53 from 1948249.230.46:38496
Connection attempt to UDP 193.2.4.2:53 from 2128235.209.250:43608
Connection attempt to UDP 193.2.4.2:53 from 2128235.209.250:47257
Connection attempt to UDP 193.2.4.2:53 from 19387.1594242:54324
Connection attempt to UDP 193.2.4.2:53 from 19387.1594242:34613
Connection attempt to UDP 193.2.4.2:53 from 2128235.2124180:54377
Connection attempt to UDP 193.2.4.2:53 from 2128235.2124180:50869
Connection attempt to UDP 193.2.4.2:53 from 95.87.1547242:51698
Connection attempt to UDP 193.2.4.2:53 from 95.87.1547242:55222
Connection attempt to UDP 193.2.4.2:53 from 193.2.4.2242:55222
Connection attempt to UDP 193.2.4.2:53 from 19.8241523242:38496
Connection attempt to UDP 193.2.4.2:53 from 19.8241523242:55135
Connection attempt to UDP 193.2.4.2:53 from 95.824154.242:50370
Connection attempt to UDP 193.2.4.2:53 from 95.824154.242:64533
Connection attempt to UDP 193.2.4.2:53 from 95.823154.242:55222
Connection attempt to UDP 193.2.4.2:53 from 95.823154.242:56228
Connection attempt to UDP 193.2.4.2:53 from 19387.1587242:53424
Connection attempt to UDP 193.2.4.2:53 from 19387.1587242:61230
Connection attempt to UDP 193.2.4.2:53 from 212823154.242:59716
Connection attempt to UDP 193.2.4.2:53 from 212823154.242:53424
Connection attempt to UDP 193.2.4.2:53 from 19387.154.242:36439
Connection attempt to UDP 193.2.4.2:53 from 19387.154.242:60638
Connection attempt to UDP 193.2.4.2:53 from 19387.1521242:59008
Connection attempt to UDP 193.2.4.2:53 from 19387.1521242:35505
Connection attempt to UDP 193.2.4.2:53 from 19.824154.242:54322
Connection attempt to UDP 193.2.4.2:53 from 19.824154.242:30943
Connection attempt to UDP 193.2.4.2:53 from 95.823154.242:51752
Connection attempt to UDP 193.2.4.2:53 from 95.823154.242:35165
Connection attempt to UDP 193.2.4.2:53 from 95.87.1587242:36439
Connection attempt to UDP 193.2.4.2:53 from 95.87.1587242:57311
Connection attempt to UDP 193.2.4.2:53 from 19387.1587242:36439
Connection attempt to UDP 193.2.4.2:53 from 19387.1587242:59280
Connection attempt to UDP 193.2.4.2:53 from 19487.154.242:53424
Connection attempt to UDP 193.2.4.2:53 from 19487.154.242:53247
Connection attempt to UDP 193.2.4.2:53 from 95.823154.242:35165
Connection attempt to UDP 193.2.4.2:53 from 95.823154.242:50473
Connection attempt to UDP 193.2.4.2:53 from 21287.154.242:56838
Connection attempt to UDP 193.2.4.2:53 from 21287.154.242:63658
Connection attempt to UDP 193.2.4.2:53 from 21287.154.242:54322
Connection attempt to UDP 193.2.4.2:53 from 21287.154.242:60637
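
An added example, not part of the original post: a log consumer (a blocklist feeder, a SIEM parser) that reads log_in_vain messages can validate the source field before acting on it and set aside entries like the ones above. The message format is taken from the excerpt; the function names and the two constructed sample lines are assumptions of this sketch.

```python
import ipaddress
import re
from collections import Counter

# Message format as it appears in the post's syslog excerpt.
LINE_RE = re.compile(
    r"Connection attempt to UDP (?P<dst>\S+):(?P<dport>\d+) "
    r"from (?P<src>\S+):(?P<sport>\d+)"
)

def is_ipv4(text):
    """True only for a well-formed dotted-quad IPv4 address."""
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False

def classify(line):
    """Return (status, src); status is 'ok', 'malformed' or 'unparsed'."""
    m = LINE_RE.search(line)
    if m is None:
        return "unparsed", None
    src = m.group("src")
    return ("ok" if is_ipv4(src) else "malformed"), src

def summarize(lines):
    """Count statuses and tally the distinct malformed source fields."""
    counts, bad = Counter(), Counter()
    for line in lines:
        status, src = classify(line)
        counts[status] += 1
        if status == "malformed":
            bad[src] += 1
    return counts, bad

SAMPLE = [
    # The first four lines are copied from the post; the last two are constructed.
    "Connection attempt to UDP 193.2.4.2:53 from 95.87.1521242:26375",
    "Connection attempt to UDP 193.2.4.2:53 from 95.823154.242:54530",
    "Connection attempt to UDP 193.2.4.2:53 from 95.823154.242:55504",
    "Connection attempt to UDP 193.2.4.2:53 from 193.2.4.2242:55222",
    "Connection attempt to UDP 193.2.4.2:53 from 192.0.2.10:40000",
    "kernel: some unrelated message",
]

if __name__ == "__main__":
    counts, bad = summarize(SAMPLE)
    print(dict(counts))
    for src, n in bad.most_common():
        print(f"malformed source field {src!r}: {n} line(s)")
```

Malformed entries are counted rather than dropped, so the rate of corrupted lines stays visible to whoever is tracking the reporting bug.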