From: Kelsey Cummings
To: Mikko Tyolajarvi
Cc: mackinnon.m@home.com, questions@FreeBSD.ORG
Date: Wed, 26 Sep 2001 15:16:52 -0700
Subject: Re: @home DNS server seems to be scanning my ports?

On Wed, Sep 26, 2001 at 02:12:52PM -0700, Mikko Tyolajarvi wrote:
> In local.freebsd.questions you write:
>
> >I keep getting these messages on my freebsd system:
>
> >"Connection attempt to UDP :X from 24.69.255.196:53
>
> >where X is some port number. It's usually different. The latest ones were,
> >in series, ports 1034, 1036, 1037.
>
> Looks like DNS replies to me - is 24.69.255.196 the DNS server of your
> ISP by any chance?  If whatever sent the query has given up and closed
> its socket, you'd see errors like these (if you are using a NAT
> gateway I guess there is some funky timeout in the NAT association
> tables as well - a late reply would cause an error like this too).
>
> The reason for the ports appearing in sequence like this is that the
> clients sending the queries get assigned dynamic port numbers by the
> system, starting at 1024.
>
> Nothing to worry about.

If only everyone saw it that way.  I work for an ISP with about 35k
subscribers and you have no idea how many complaints we get about our DNS
server 'portscanning'....  Ugh!  So many 'personal' firewalls are paranoid
about this too.

--
Kelsey Cummings - kgc@sonic.net      sonic.net System Administrator
300 B Street, Ste 101                707.522.1000 (Voice)
Santa Rosa, CA 95404                 707.547.2199 (Fax)
http://www.sonic.net/                Fingerprint = 7F 59 43 1B 44 8A 0D 57 91 08 73 73 7A 48 90 C5
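
An added example, not part of the original message: a small Python triage of log lines like the ones quoted in the thread, separating late replies from a configured resolver (source port 53, dynamic destination port) from other unsolicited UDP. The sample log lines, the local address 192.0.2.10 and the second source address are constructed, and the line format is assumed to be the FreeBSD kernel's `log_in_vain` message.

```python
import re
from collections import defaultdict

# Constructed sample lines. 192.0.2.10 stands in for the local address;
# 24.69.255.196 is the resolver address quoted in the thread.
SAMPLE_LOG = """\
Sep 26 12:01:07 host /kernel: Connection attempt to UDP 192.0.2.10:1034 from 24.69.255.196:53
Sep 26 12:01:09 host /kernel: Connection attempt to UDP 192.0.2.10:1036 from 24.69.255.196:53
Sep 26 12:01:12 host /kernel: Connection attempt to UDP 192.0.2.10:1037 from 24.69.255.196:53
Sep 26 12:05:40 host /kernel: Connection attempt to UDP 192.0.2.10:137 from 198.51.100.7:4021
Sep 26 12:05:41 host /kernel: Connection attempt to UDP 192.0.2.10:161 from 198.51.100.7:4022
"""

LINE_RE = re.compile(
    r"Connection attempt to UDP (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"from (?P<src>[\d.]+):(?P<sport>\d+)"
)

def parse_resolvers(resolv_conf_text):
    """Return the set of nameserver addresses listed in resolv.conf text."""
    resolvers = set()
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            resolvers.add(fields[1])
    return resolvers

def classify(log_text, resolvers, ephemeral_min=1024):
    """Group destination ports by source IP: late DNS replies vs. everything else."""
    late_dns, other = defaultdict(list), defaultdict(list)
    for m in LINE_RE.finditer(log_text):
        src, sport, dport = m["src"], int(m["sport"]), int(m["dport"])
        # Source port 53 alone proves nothing (any sender can pick it), so also
        # require a resolver this host actually queries and a dynamic dest port.
        if src in resolvers and sport == 53 and dport >= ephemeral_min:
            late_dns[src].append(dport)
        else:
            other[src].append(dport)
    return dict(late_dns), dict(other)

if __name__ == "__main__":
    resolvers = parse_resolvers("nameserver 24.69.255.196\n")
    late, rest = classify(SAMPLE_LOG, resolvers)
    print("late DNS replies:", late)
    print("needs a look:", rest)
```

On a real host the resolver list would come from the contents of `/etc/resolv.conf` rather than the inline string used here.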