From owner-freebsd-security@FreeBSD.ORG  Mon Apr 14 04:31:07 2003
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 08FBA37B401
	for <freebsd-security@FreeBSD.ORG>;
	Mon, 14 Apr 2003 04:31:07 -0700 (PDT)
Received: from blurp.one.pl (blurp.t4.ds.pwr.wroc.pl [156.17.226.240])
	by mx1.FreeBSD.org (Postfix) with SMTP id 18FCE43F93
	for <freebsd-security@FreeBSD.ORG>;
	Mon, 14 Apr 2003 04:31:02 -0700 (PDT)
	(envelope-from gizmen@blurp.one.pl)
Received: (qmail 4261 invoked by uid 1002); 14 Apr 2003 11:31:27 -0000
Date: Mon, 14 Apr 2003 13:31:27 +0200
From: GiZmen <gizmen@pals.one.pl>
To: freebsd-security@FreeBSD.ORG
Message-ID: <20030414113127.GB3861@blurp.one.pl>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.4i
Subject: strange connection attempts
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Apr 2003 11:31:07 -0000

hello,

I have turned on sysctls variables:
net.inet.tcp.log_in_vain: 1
net.inet.udp.log_in_vain: 1

And i have plenty of strange connection attempts on udp protocol

 Connection attempt to UDP xx.xx.x.xxx:55414 from 192.43.172.34:53                                 
 Apr 13 23:56:53 pals /kernel: Connection attempt to UDP xx.xx.x.xxx:55414 from 192.43.172.34:53   
 Connection attempt to UDP xx.xx.x.xxx:12545 from 192.42.93.36:53                                  
 Apr 13 23:56:54 pals /kernel: Connection attempt to UDP xx.xx..xxx:12545 from 192.42.93.36:53    
 Connection attempt to UDP xx.xx.x.xxx:44308 from 192.42.93.36:53

i know that those connections are from dns but why kernel logs such thing.
I have statufull firewall and all trafic to any port on UDP protocol are deny and 
only those UDP datagrams from my resolver are passed back through dynamics rules. 
These connections are caused by returned queruies from dns servers. 
Is it normal to have such type connection attempts ?

Can anybody help me solve my problem.

-- 
Best Regards:
		GiZmen