Date: Mon, 24 Jul 2000 19:29:15 +0200 From: Gerhard Sittig <Gerhard.Sittig@gmx.net> To: security@freebsd.org Subject: Re: What does this mean and how do I stop it ? Message-ID: <20000724192915.Z24476@speedy.gsinet> In-Reply-To: <Pine.BSF.4.21.0007240853450.326-100000@stan>; from Stanley.Hopcroft@IPAustralia.Gov.AU on Mon, Jul 24, 2000 at 08:56:04AM %2B1000 References: <Pine.BSF.4.21.0007240853450.326-100000@stan>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Jul 24, 2000 at 08:56 +1000, Stanley Hopcroft wrote:
>
> These entries appear frequently in the daily security report of
> a FreeBSD 4.0-RELEASE machine (Bind 8.2.x)
>
> > Connection attempt to UDP 127.0.0.1:2343 from 127.0.0.1:53
I don't care if everybody's telling you it's DNS *lookup* -- I
feel this is something different, since it's going *from* port 53
*to* something random(?). So this could be some kind of DNS
wakeup signal for secondaries ("notification", but I don't
believe it since there's probably noone listening and there's no
point in having localhost as localhost's secondary:). Or maybe
more probably it's a DNS _answer_ but it's arriving too late to
find the asking part listening? I'm not convinced by the other
replies. :) But it's clear that you only notice them since
log_in_vain is set. Although the only log entry I get with this
is biff triggering at every email delivery (port 512).
If you feel that bind is too slow or too aggressive when putting
burdon on your machine you might want to have a look at dnscache
(which was renamed lately to djbdns). It can be found in the
ports.
virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76
Gerhard Sittig true | mail -s "get gpg key" Gerhard.Sittig@gmx.net
--
If you don't understand or are scared by any of the above
ask your parents or an adult to help you.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000724192915.Z24476>