From owner-freebsd-questions Wed Sep 26 15:25:11 2001 Delivered-To: freebsd-questions@freebsd.org Received: from cx175057-a.ocnsd1.sdca.home.com (cx175057-a.ocnsd1.sdca.home.com [24.13.23.40]) by hub.freebsd.org (Postfix) with ESMTP id 5136E37B40D for ; Wed, 26 Sep 2001 15:25:06 -0700 (PDT) Received: from localhost (bri@localhost) by cx175057-a.ocnsd1.sdca.home.com (8.11.6/8.11.3) with ESMTP id f8QMOtm65814; Wed, 26 Sep 2001 15:24:56 -0700 (PDT) (envelope-from bri@sonicboom.org) Date: Wed, 26 Sep 2001 15:24:55 -0700 (PDT) From: Brian Whalen X-X-Sender: To: Kelsey Cummings Cc: Mikko Tyolajarvi , , Subject: Re: @home DNS server seems to be scanning my ports? In-Reply-To: <20010926151652.Y953@sonic.net> Message-ID: <20010926152429.F65459-100000@cx175057-a.ocnsd1.sdca.home.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG It makes me feel so good when I see this in my logs though.. Name: authorized-scan1.security.home.net Address: 24.0.0.203 Brian "Sonic" Whalen Success = Preparation + Opportunity On Wed, 26 Sep 2001, Kelsey Cummings wrote: > On Wed, Sep 26, 2001 at 02:12:52PM -0700, Mikko Tyolajarvi wrote: > > In local.freebsd.questions you write: > > > > >I keep getting these messages on my freebsd system: > > > > >"Connection attempt to UDP :X from 24.69.255.196:53 > > > > >where X is some port number. It's usually different. The latest ones were, > > >in series, ports 1034, 1036, 1037. > > > > Looks like DNS replies to me - is 24.69.255.196 the DNS server of your > > ISP by any chance? If whatever sent the query has given up and closed > > its socket, you'd see errors like these (if you are using a NAT > > gateway I guess there is some funky timeout in the NAT association > > tables as well - a late reply would cause an error like this too). > > > > The reason for the ports appearing in sequence like this is that the > > clients sending the queries get assigned dynamic port numbers by the > > system, starting at 1024. > > > > Nothing to worry about. > > If only everyone saw it that way. I work for an ISP with about 35k > subscribers and you have no idea how many complaints we get about > our DNS server 'portscanning'.... > > Ugh! So many 'personal' firewalls are paranoid about this too. > > -- > Kelsey Cummings - kgc@sonic.net sonic.net > System Administrator 300 B Street, Ste 101 > 707.522.1000 (Voice) Santa Rosa, CA 95404 > 707.547.2199 (Fax) http://www.sonic.net/ > Fingerprint = 7F 59 43 1B 44 8A 0D 57 91 08 73 73 7A 48 90 C5 > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message