Date:      Fri, 7 Dec 2001 11:24:39 +0300 (MSK)
From:      Maxim Konovalov <maxim@macomnet.ru>
To:        Paul Chvostek <paul@it.ca>
Cc:        freebsd-net@FreeBSD.ORG
Subject:   Re: log_in_vain
Message-ID:  <20011207112237.M10311-100000@news1.macomnet.ru>
In-Reply-To: <20011206094325.A434@mail.it.ca>


Hello,

On Thu, 6 Dec 2001, Paul Chvostek wrote:

>
> For the fun of it, I turned on log_in_vain.  And I'm seeing *lots* of
> stuff one might expect (port scans, Nimda poking at my mail server,
> SMTP to the web server, etc).  But I'm also seeing stuff I don't expect,
> primarily in the areas of DNS and localhost traffic.  For example:
>
> Dec  6 08:15:39 schplict /kernel: Connection attempt to UDP 216.126.86.8:1262 from 216.126.86.2:53
>
> and
>
> Dec  6 08:35:37 haggis /kernel: Connection attempt to UDP 216.126.86.9:1044 from 216.126.86.2:53
>
> and
>
> Dec  6 08:34:44 haggis /kernel: Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:1054
> Dec  6 08:34:44 haggis /kernel: Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:1058
> Dec  6 08:34:44 haggis /kernel: Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:1063
> Dec  6 08:34:45 haggis /kernel: Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:1067
>
> The host at 216.126.86.2 is the first nameserver in the resolv.conf of
> both haggis and schplict.  It looks to me as if the name server is
> sending responses back to DNS queries which for some reason haven't
> waited around.

because of request timeout.

> And as far as I know I'm not running biff on haggis.  The frequency of
> the hits makes it look as if it's running something every time ...
> something ... gets launched.  But biff's not in any .profile, .cshrc or
> .login.  So I'm left scratching my head.

man 8 mail.local will help.

> Can anybody shed some light on this?

-- 
Maxim Konovalov, MAcomnet, Internet-Intranet Dept., system engineer
phone: +7 (095) 796-9079, mailto: maxim@macomnet.ru
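
The triage this exchange implies, as an added example that is not part of the original message: a Python filter that sorts log_in_vain lines into late DNS replies from a known resolver, loopback datagrams to UDP port 512 (biff/comsat), and everything else. The labels, the `RESOLVERS` set and the last sample line are assumptions made for illustration.

```python
import re
from collections import Counter

# Line format as it appears in the log excerpts quoted above.
LINE_RE = re.compile(
    r"Connection attempt to (?P<proto>UDP|TCP) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) from (?P<src>[\d.]+):(?P<sport>\d+)"
)

def classify(line, resolvers):
    """Label one log_in_vain line; return None if the line is not one."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    proto, src, dst = m["proto"], m["src"], m["dst"]
    sport, dport = int(m["sport"]), int(m["dport"])
    # A reply from a configured resolver that arrived after the client
    # socket was closed (the request had already timed out).
    if proto == "UDP" and sport == 53 and src in resolvers:
        return "late-dns-reply"
    # Loopback datagram to 512/udp (biff/comsat) with nothing listening.
    if proto == "UDP" and dport == 512 and src == dst == "127.0.0.1":
        return "local-biff-notify"
    # Anything else is left for a human to look at.
    return "review"

def triage(lines, resolvers):
    """Count labels over an iterable of syslog lines."""
    counts = Counter()
    for line in lines:
        label = classify(line, resolvers)
        if label is not None:
            counts[label] += 1
    return counts

# Assumption: the nameserver address from the hosts' resolv.conf.
RESOLVERS = {"216.126.86.2"}

# First three lines are from the message; the last is constructed.
SAMPLE = [
    "Dec  6 08:15:39 schplict /kernel: Connection attempt to UDP 216.126.86.8:1262 from 216.126.86.2:53",
    "Dec  6 08:34:44 haggis /kernel: Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:1054",
    "Dec  6 08:34:44 haggis /kernel: Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:1058",
    "Dec  6 08:40:00 haggis /kernel: Connection attempt to TCP 192.0.2.10:25 from 198.51.100.7:40000",
]

if __name__ == "__main__":
    for label, n in sorted(triage(SAMPLE, RESOLVERS).items()):
        print(f"{n:4d}  {label}")
```

A UDP source address and port can be forged, so the late-dns-reply label is a noise filter rather than proof of where a datagram came from.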

