From owner-freebsd-security Thu Mar 18 22:53:29 1999 Delivered-To: freebsd-security@freebsd.org Received: from mail.craxx.com (taz.craxx.com [195.108.198.110]) by hub.freebsd.org (Postfix) with ESMTP id 7D16414CA0 for ; Thu, 18 Mar 1999 22:53:26 -0800 (PST) (envelope-from alphen@craxx.com) Received: from ren (mail@mail.craxx.com [195.108.198.111]) by mail.craxx.com (8.9.1a/8.9.1) with SMTP id HAA14935; Fri, 19 Mar 1999 07:52:21 +0100 (CET) From: "laurens van alphen" To: "Steven Alexander" Cc: Subject: RE: unknown connection attempts from localhost Date: Fri, 19 Mar 1999 07:52:20 +0100 Message-ID: <000501be71d5$08e30120$0a0010ac@ren.craxx.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 In-Reply-To: <000801be7193$b5bf58e0$1502110a@matrice> Importance: Normal Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org mornin' > It isn't sending UDP packets to random ports. Your logs are showing that a > host was looked up from UDP port 1645/1739 and that yoru DNS replied to > them. my bad, of course there was a lookup from localhost from sourceport 1645 and 1739 first. but since there was clearly no one interested in the return packets (due to timeouts, whatever) i refered to them as 'random'. i will watch my words 7from now on. > The 'connection attempt' is used for a lack of a better term. As UDP > is connectionless, the replies from the DNS server show up as connection > attempts. This is standard behavior when using net.inet.*.log_in_vain=1 did i hear an echo ? ;-) -- laurens van alphen, craxx alphen@craxx.com, http://craxx.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message