From owner-freebsd-security Thu Mar 18 15:10:39 1999 Delivered-To: freebsd-security@freebsd.org Received: from ncc1701.cell2000.net (unknown [206.228.197.5]) by hub.freebsd.org (Postfix) with SMTP id 16D701525D for ; Thu, 18 Mar 1999 15:10:35 -0800 (PST) (envelope-from steve@cell2000.net) Received: from matrice [206.228.196.164] by ncc1701.cell2000.net (SMTPD32-4.06) id A77678E00154; Thu, 18 Mar 1999 15:08:38 PDT Message-ID: <000801be7193$b5bf58e0$1502110a@matrice> From: "Steven Alexander" To: Cc: Subject: Re: unknown connection attempts from localhost Date: Thu, 18 Mar 1999 15:04:42 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.2106.4 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org It isn't sending UDP packets to random ports. Your logs are showing that a host was looked up from UDP port 1645/1739 and that yoru DNS replied to them. The 'connection attempt' is used for a lack of a better term. As UDP is connectionless, the replies from the DNS server show up as connection attempts. This is standard behavior when using net.inet.*.log_in_vain=1 -steven >We see those too: > >> [snip] Connection attempt to UDP 127.0.0.1:1645 from 127.0.0.1:53 >> [snip] Connection attempt to UDP 127.0.0.1:1739 from 127.0.0.1:53 > >That's bind for sure, dunno why it's sending UDP packets to random >1024 >ports. Note that the 'connection attempt' is misleading: UDP is >connectionless. > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message