Date: Tue, 15 Jun 1999 19:25:01 -0400 (EDT)
From: Mike Nowlin <mike@argos.org>
To: Dan Langille <junkmale@xtra.co.nz>
Cc: security@FreeBSD.ORG
Subject: Re: named timeouts
Message-ID: <Pine.LNX.4.05.9906151923190.6019-100000@jason.argos.org>
In-Reply-To: <19990615194828.ZOVN93999.mta1-rme@wocker>

> On my main machine, which is also running named, the daily security check
> always has lots of these types of entries. Typically there are about 50 a
> day. I think it's because a dns request has been started, but by the time
> the reply arrives, the firewall has terminated that port connection (I'm
> running ipfilter).
>
> Would it make sense to slightly increase the time such connections are
> held to see if the number of such log entries decreases? If so, how?
>
> cheers.
>
> > Connection attempt to UDP 127.0.0.1:3282 from 127.0.0.1:53
> > Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:3363
> > Connection attempt to UDP 127.0.0.1:3373 from 127.0.0.1:53
> > Connection attempt to UDP 127.0.0.1:3378 from 127.0.0.1:53
> > Connection attempt to UDP 127.0.0.1:3380 from 127.0.0.1:53

Do you have 127.0.0.1 firewalled off? I've seen people do this before --
it's a no-no. Most (not all) network connections from a machine back into
itself use that address, unless you specify otherwise.

Mike

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
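
An added example, not part of the original messages: a short Python triage of the quoted "Connection attempt" entries that counts how many are loopback-to-loopback and how many come from source port 53, the local named. The category names and the `classify`/`summarize` helpers are assumptions made for this example.

```python
import re
from collections import Counter

# Log lines as quoted in the message above (daily security check output).
SAMPLE = """\
Connection attempt to UDP 127.0.0.1:3282 from 127.0.0.1:53
Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:3363
Connection attempt to UDP 127.0.0.1:3373 from 127.0.0.1:53
Connection attempt to UDP 127.0.0.1:3378 from 127.0.0.1:53
Connection attempt to UDP 127.0.0.1:3380 from 127.0.0.1:53
"""

LINE_RE = re.compile(
    r"Connection attempt to (?P<proto>UDP|TCP) "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+) from "
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+)"
)


def classify(line):
    """Label one log line (labels are this example's own, hypothetical names)."""
    m = LINE_RE.search(line)
    if m is None:
        return "unparsed"
    # Both endpoints in 127.0.0.0/8: the packet never left the machine.
    local = m["src"].startswith("127.") and m["dst"].startswith("127.")
    if local and m["proto"] == "UDP" and m["sport"] == "53":
        # Sent from the local name server's port to a port nobody is listening on.
        return "loopback-dns-reply"
    if local:
        return "loopback-other"
    return "external"


def summarize(text):
    """Count log lines per category, ignoring blank lines."""
    return Counter(classify(l) for l in text.splitlines() if l.strip())


if __name__ == "__main__":
    for label, count in summarize(SAMPLE).most_common():
        print(f"{count:4d}  {label}")
```

If every entry falls in the loopback categories, as here, the packets originate on the machine itself, which is the case the reply's question about filtering 127.0.0.1 addresses.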