Date:      16 Jun 1999 09:57:59 +0200
From:      Dag-Erling Smorgrav <des@flood.ping.uio.no>
To:        junkmale@xtra.co.nz
Cc:        security@FreeBSD.ORG
Subject:   Re: named timeouts
Message-ID:  <xzp909kefw8.fsf@flood.ping.uio.no>
In-Reply-To: "Dan Langille"'s message of "Wed, 16 Jun 1999 07:45:31 +1200"
References:  <19990615194828.ZOVN93999.mta1-rme@wocker>

"Dan Langille" <junkmale@xtra.co.nz> writes:
> On my main machine, which is also running named, the daily security check 
> always has lots of these types of entries.  Typically there are about 50 a 
> day.  I think it's because a dns request has been started, but by the time 
> the reply arrives, the firewall has terminated that port connection (I'm 
> running ipfilter).

No, I don't think these messages come from named. I think they're log
messages from ipfilter telling you you didn't set up your firewall
correctly. You should have rules permitting all UDP traffic to and
*from* port 53. Actually, you should have a rule permitting all
traffic across lo0 no matter what.

> > Connection attempt to UDP 127.0.0.1:3282 from 127.0.0.1:53

This is named trying to reply to a query.

> > Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:3363

This looks like comsat talking to biff.

> > Connection attempt to UDP 127.0.0.1:3373 from 127.0.0.1:53
> > Connection attempt to UDP 127.0.0.1:3378 from 127.0.0.1:53
> > Connection attempt to UDP 127.0.0.1:3380 from 127.0.0.1:53

This is named trying to reply to queries.

DES
-- 
Dag-Erling Smorgrav - des@flood.ping.uio.no
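
Added example, not part of the original message: a small Python triage script that groups "Connection attempt" lines like the ones quoted above by the service port involved, using the port readings given in the reply (53 for named, 512 for biff/comsat). The function names and the service table are assumptions made for illustration.

```python
import re
from collections import Counter

# Lines quoted in the message above; the "> > " mail quoting is kept on purpose.
SAMPLE = """\
> > Connection attempt to UDP 127.0.0.1:3282 from 127.0.0.1:53
> > Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:3363
> > Connection attempt to UDP 127.0.0.1:3373 from 127.0.0.1:53
> > Connection attempt to UDP 127.0.0.1:3378 from 127.0.0.1:53
> > Connection attempt to UDP 127.0.0.1:3380 from 127.0.0.1:53
"""

LINE_RE = re.compile(
    r"Connection attempt to (?P<proto>UDP|TCP) "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+) from "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+)"
)

# Port-to-service labels taken from the reply above (assumed table; extend per host).
SERVICES = {("UDP", 53): "domain (named)", ("UDP", 512): "biff (comsat)"}

def parse(text):
    """Yield one dict per matching log line, ignoring mail quoting and other text."""
    for m in LINE_RE.finditer(text):
        d = m.groupdict()
        d["dport"], d["sport"] = int(d["dport"]), int(d["sport"])
        yield d

def classify(ev):
    """Return (service, side): 'from' if the known port is the source, 'to' if the destination."""
    proto = ev["proto"]
    if (proto, ev["sport"]) in SERVICES:
        return SERVICES[(proto, ev["sport"])], "from"
    if (proto, ev["dport"]) in SERVICES:
        return SERVICES[(proto, ev["dport"])], "to"
    return "unknown", "unknown"

def summarize(text):
    """Count events by (service, side, both-ends-on-loopback)."""
    counts = Counter()
    for ev in parse(text):
        label, side = classify(ev)
        loopback = ev["src"].startswith("127.") and ev["dst"].startswith("127.")
        counts[(label, side, loopback)] += 1
    return counts

if __name__ == "__main__":
    for (label, side, loopback), n in sorted(summarize(SAMPLE).items()):
        print(f"{n:3d}  {label:15s} {side:8s} loopback={loopback}")
```

Entries that come out as "unknown", or with loopback false, are the ones left to look at by hand.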

