Date: Mon, 14 Apr 2003 15:42:26 +0400 From: dawnshade <h-k@mail.ru> To: freebsd-security@FreeBSD.ORG Subject: Re: strange connection attempts Message-ID: <104322900125.20030414154226@mail.ru> In-Reply-To: <20030414113127.GB3861@blurp.one.pl> References: <20030414113127.GB3861@blurp.one.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
G> I have turned on sysctls variables: G> net.inet.tcp.log_in_vain: 1 G> net.inet.udp.log_in_vain: 1 G> And i have plenty of strange connection attempts on udp protocol G> Connection attempt to UDP xx.xx.x.xxx:55414 from 192.43.172.34:53 G> Apr 13 23:56:53 pals /kernel: Connection attempt to UDP xx.xx.x.xxx:55414 from 192.43.172.34:53 G> Connection attempt to UDP xx.xx.x.xxx:12545 from 192.42.93.36:53 G> Apr 13 23:56:54 pals /kernel: Connection attempt to UDP xx.xx..xxx:12545 from 192.42.93.36:53 G> Connection attempt to UDP xx.xx.x.xxx:44308 from 192.42.93.36:53 G> i know that those connections are from dns but why kernel logs such thing. G> I have statufull firewall and all trafic to any port on UDP protocol are deny and G> only those UDP datagrams from my resolver are passed back through dynamics rules. G> These connections are caused by returned queruies from dns servers. G> Is it normal to have such type connection attempts ? G> Can anybody help me solve my problem. I think yes. Got a same messages. The suspicion on squid - when connect to some server not completed or refused. ---------- root@some_hostname.ru$ echo "reboot" > /etc/rc&&reboot ---------- Best regards, dawnshade mailto:h-k@mail.ru
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?104322900125.20030414154226>