From owner-freebsd-security Tue Jun 15 16:20: 4 1999
Delivered-To: freebsd-security@freebsd.org
Received: from jason.argos.org (a1-3b169.neo.rr.com [24.93.181.169]) by hub.freebsd.org (Postfix) with ESMTP id D777514C32 for ; Tue, 15 Jun 1999 16:20:00 -0700 (PDT) (envelope-from mike@argos.org)
Received: from localhost (mike@localhost) by jason.argos.org (8.9.1/8.9.1) with ESMTP id TAA06024; Tue, 15 Jun 1999 19:25:06 -0400
Date: Tue, 15 Jun 1999 19:25:01 -0400 (EDT)
From: Mike Nowlin
To: Dan Langille
Cc: security@FreeBSD.ORG
Subject: Re: named timeouts
In-Reply-To: <19990615194828.ZOVN93999.mta1-rme@wocker>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> On my main machine, which is also running named, the daily security check
> always has lots of these types of entries. Typically there are about 50 a
> day. I think it's because a dns request has been started, but by the time
> the reply arrives, the firewall has terminated that port connection (I'm
> running ipfilter).
>
> Would it make sense to slightly increase the time such connections are
> held to see if the number of such log entries decreases? If so, how?
>
> cheers.
>
> > Connection attempt to UDP 127.0.0.1:3282 from 127.0.0.1:53
> > Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:3363
> > Connection attempt to UDP 127.0.0.1:3373 from 127.0.0.1:53
> > Connection attempt to UDP 127.0.0.1:3378 from 127.0.0.1:53
> > Connection attempt to UDP 127.0.0.1:3380 from 127.0.0.1:53

Do you have 127.0.0.1 firewalled off? I've seen people do this before -- it's a no-no. Most (not all) network connections from a machine back into itself use that address, unless you specify otherwise.

Mike

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
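An added triage helper (not from the thread or from FreeBSD) for the question above: it parses the daily security check's "Connection attempt" lines and separates loopback-to-loopback hits, which point at 127.0.0.1 being filtered as Mike suggests, from DNS replies that arrive from remote servers after the ipfilter state entry has expired. The line format is taken from the quoted entries; the sample log and the non-loopback addresses in it are constructed.

```python
import re
from collections import Counter

# Constructed sample in the format of the quoted security-check lines:
# "Connection attempt to <proto> <dst_ip>:<dst_port> from <src_ip>:<src_port>".
# The 192.0.2.x / 198.51.100.x addresses are documentation ranges, not real hosts.
SAMPLE_LOG = """\
Connection attempt to UDP 127.0.0.1:3282 from 127.0.0.1:53
Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:3363
Connection attempt to UDP 127.0.0.1:3373 from 127.0.0.1:53
Connection attempt to UDP 192.0.2.10:3378 from 198.51.100.5:53
Connection attempt to UDP 192.0.2.10:137 from 198.51.100.9:137
"""

LINE_RE = re.compile(
    r"Connection attempt to (?P<proto>TCP|UDP) "
    r"(?P<dst_ip>[\d.]+):(?P<dst_port>\d+) from (?P<src_ip>[\d.]+):(?P<src_port>\d+)"
)


def classify(line):
    """Label one log line, or return None when it is not a connection-attempt entry."""
    m = LINE_RE.search(line)
    if not m:
        return None
    src_ip, dst_ip = m["src_ip"], m["dst_ip"]
    src_port, dst_port = int(m["src_port"]), int(m["dst_port"])
    loopback = src_ip.startswith("127.") and dst_ip.startswith("127.")
    # A UDP packet from port 53 to an ephemeral port is a DNS answer to a query.
    dns_reply = m["proto"] == "UDP" and src_port == 53 and dst_port >= 1024
    if loopback and dns_reply:
        return "loopback-dns-reply"  # local named answering the local stub resolver; lo0 is being filtered
    if loopback:
        return "loopback-other"      # other local-to-local traffic dropped on lo0
    if dns_reply:
        return "dns-reply-late"      # remote answer that arrived after the state entry was gone
    return "other"


def summarize(log_text):
    """Count entries per class; any loopback class means lo0 traffic is being blocked."""
    return Counter(c for c in (classify(l) for l in log_text.splitlines()) if c)


if __name__ == "__main__":
    for label, n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {label}")
```

If the loopback classes dominate, as in the quoted entries, the fix is to pass all traffic on lo0 rather than to lengthen UDP state timeouts.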