Date:      Wed, 16 Jun 1999 22:00:18 +1200
From:      "Dan Langille" <junkmale@xtra.co.nz>
To:        Dag-Erling Smorgrav <des@flood.ping.uio.no>
Cc:        security@FreeBSD.ORG, Mike Nowlin <mike@argos.org>
Subject:   Re: named timeouts
Message-ID:  <19990616100254.GZCQ311284.mta2-rme@wocker>
In-Reply-To: <xzp909kefw8.fsf@flood.ping.uio.no>
References:  "Dan Langille"'s message of "Wed, 16 Jun 1999 07:45:31 +1200"

On 16 Jun 99, at 9:57, Dag-Erling Smorgrav wrote:

> "Dan Langille" <junkmale@xtra.co.nz> writes:
> > On my main machine, which is also running named, the daily security
> > check always has lots of these types of entries.  Typically there are
> > about 50 a day.  I think it's because a dns request has been started,
> > but by the time the reply arrives, the firewall has terminated that port
> > connection (I'm running ipfilter).
> 
> No, I don't think these messages come from named. I think they're log
> messages from ipfilter telling you you didn't set up your firewall
> correctly. You should have rules permitting all UDP traffic to and *from*
> port 53. Actually, you should have a rule permitting all traffic across
> lo0 no matter what.

Well, I just checked:

# ipfstat -hio | grep lo0
566 pass out quick on lo0 from any to any
1132 pass in quick on lo0 from any to any

And verified via:

# grep lo0 /etc/ipfrules
pass in quick on lo0 all
pass out quick on lo0 all

Looks to me like they are allowed.

These messages aren't from ipfilter.  I believe they are from my
kernel.log.  I apologise for not pointing that out in the first place:

$ tail kernel.log 
Jun 16 09:16:42 ns /kernel: Connection attempt to UDP 127.0.0.1:1391 from 127.0.0.1:53
Jun 16 09:17:02 ns /kernel: Connection attempt to UDP 127.0.0.1:1393 from 127.0.0.1:53
Jun 16 10:46:43 ns /kernel: Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:1598
Jun 16 11:32:39 ns /kernel: Connection attempt to UDP 127.0.0.1:1704 from 127.0.0.1:53
Jun 16 12:37:18 ns /kernel: Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:1872
Jun 16 13:22:40 ns /kernel: Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:2026
Jun 16 17:29:47 ns /kernel: Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:2521
Jun 16 18:45:20 ns /kernel: Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:2730
Jun 16 21:12:36 ns /kernel: Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:3029
Jun 16 21:17:48 ns /kernel: Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:3138

Does this make things any clearer?
--
Dan Langille - DVL Software Limited
The FreeBSD Diary     - http://www.FreeBSDDiary.org/freebsd/
NZ FreeBSD User Group - http://www.nzfug.nz.freebsd.org/
The Racing System     - http://www.racingsystem.com/racingsystem.htm
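
Added example, not part of the original message or of any FreeBSD tooling: a Python sketch that parses kernel "Connection attempt to UDP" lines like those quoted above and tallies them by whether they come from source port 53 or go to a fixed destination port, so the two patterns in the log can be counted separately. The sample lines are copied from the message (re-joined onto single lines); the names `parse` and `summarize` are hypothetical.

```python
import re
from collections import Counter

# Sample lines taken from the message above, re-joined onto single lines.
SAMPLE = """\
Jun 16 09:16:42 ns /kernel: Connection attempt to UDP 127.0.0.1:1391 from 127.0.0.1:53
Jun 16 09:17:02 ns /kernel: Connection attempt to UDP 127.0.0.1:1393 from 127.0.0.1:53
Jun 16 10:46:43 ns /kernel: Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:1598
Jun 16 11:32:39 ns /kernel: Connection attempt to UDP 127.0.0.1:1704 from 127.0.0.1:53
Jun 16 12:37:18 ns /kernel: Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:1872
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) /kernel: "
    r"Connection attempt to (?P<proto>UDP|TCP) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) from (?P<src>[\d.]+):(?P<sport>\d+)"
)

def parse(text):
    """Yield one dict per matching log line.

    Mail clients often wrap these lines after 'from ', so a line break
    in that position is undone before matching.
    """
    text = re.sub(r"from[ \t]*\n(?=[\d.]+:\d+)", "from ", text)
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["dport"], rec["sport"] = int(rec["dport"]), int(rec["sport"])
            yield rec

def summarize(text):
    """Count events per bucket: traffic from port 53, else by destination port."""
    buckets = Counter()
    for r in parse(text):
        if r["sport"] == 53:
            buckets[(r["proto"], "from port 53")] += 1
        else:
            buckets[(r["proto"], f"to port {r['dport']}")] += 1
    return buckets

if __name__ == "__main__":
    for (proto, label), n in summarize(SAMPLE).most_common():
        print(f"{n:4d}  {proto}  {label}")
```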
