Date: Fri, 19 Mar 1999 07:20:31 +1300 From: "Dan Langille" <junkmale@xtra.co.nz> To: freebsd-security@FreeBSD.ORG Subject: unknown connection attempts from localhost Message-ID: <19990318182128.MNSH682101.mta1-rme@wocker>
next in thread | raw e-mail | index | archive | help
I have recently turned on the log_in_vain stuff using the following: sysctl -w net.inet.tcp.log_in_vain=1 sysctl -w net.inet.udp.log_in_vain=1 Since then, I've been entries in my log which I don't understand: Mar 17 21:36:44 ns /kernel: Connection attempt to UDP 127.0.0.1:1645 from 127.0.0.1:53 Mar 17 22:14:41 ns /kernel: Connection attempt to UDP 127.0.0.1:1739 from 127.0.0.1:53 Mar 18 02:30:10 ns /kernel: Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:2191 Mar 18 02:30:16 ns /kernel: Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:2192 There's a large number that look like the first two. To me it looks like the DNS server tried to connection back to a request that came in on port 1645/1739. Say what? The box in question is used as a name server and is a gateway/firewall box running IP Filter and does NAT, runs sendmail, etc. cheers. -- Dan Langille The FreeBSD Diary http://www.FreeBSDDiary.com/freebsd To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990318182128.MNSH682101.mta1-rme>