Date: Mon, 24 Jul 2000 20:48:11 +0200
From: sthaug@nethelp.no
To: Gerhard.Sittig@gmx.net
Cc: security@freebsd.org
Subject: Re: What does this mean and how do I stop it ?
Message-ID: <33753.964464491@verdi.nethelp.no>
In-Reply-To: Your message of "Mon, 24 Jul 2000 19:29:15 +0200"
References: <20000724192915.Z24476@speedy.gsinet>

> > These entries appear frequently in the daily security report of
> > a FreeBSD 4.0-RELEASE machine (Bind 8.2.x)
> >
> > > Connection attempt to UDP 127.0.0.1:2343 from 127.0.0.1:53
>
> I don't care if everybody's telling you it's DNS *lookup* -- I
> feel this is something different, since it's going *from* port 53
> *to* something random(?).

It's the *answer* to a DNS query (lookup). The answer came so late that
the DNS client (probably the resolver routines linked into the
application) had already closed the UDP socket in question - thus there's
nobody listening there.

To me this was already implied from the previous messages in this thread...

Steinar Haug, Nethelp consulting, sthaug@nethelp.no
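
A triage sketch for the report lines discussed in this thread, added here as an example and not part of the original e-mail. It separates late DNS answers (UDP, source port 53, unprivileged destination port, sent by a known resolver) from other connection attempts. The resolver set, the category names, the TCP line format and every sample line except the first are assumptions; only IPv4 is handled.

```python
import re
from collections import Counter

# UDP format as quoted in the thread; the TCP variant is assumed to mirror it.
LINE_RE = re.compile(
    r"Connection attempt to (?P<proto>UDP|TCP) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) from "
    r"(?P<src>[\d.]+):(?P<sport>\d+)"
)

# Assumption: the name servers this host is configured to query.
RESOLVERS = frozenset({"127.0.0.1"})


def classify(line, resolvers=RESOLVERS):
    """Return a category for one report line, or None if it does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    sport, dport = int(m["sport"]), int(m["dport"])
    # A DNS answer leaves port 53 and targets the client's ephemeral port.
    if m["proto"] == "UDP" and sport == 53 and dport >= 1024:
        if m["src"] in resolvers:
            return "late-dns-reply"          # client socket already closed
        return "dns-reply-from-unknown-server"  # not a resolver we query
    return "unsolicited"


def summarize(lines, resolvers=RESOLVERS):
    """Count categories over an iterable of report lines."""
    found = (classify(line, resolvers) for line in lines)
    return Counter(kind for kind in found if kind)


# First line is from the thread; the rest are constructed for illustration.
SAMPLE = [
    "Connection attempt to UDP 127.0.0.1:2343 from 127.0.0.1:53",
    "Connection attempt to UDP 192.0.2.10:3301 from 198.51.100.53:53",
    "Connection attempt to TCP 192.0.2.10:23 from 198.51.100.7:40112",
    "Connection attempt to UDP 192.0.2.10:161 from 198.51.100.7:53",
    "checking setuid files and devices:",
]

if __name__ == "__main__":
    for kind, count in sorted(summarize(SAMPLE).items()):
        print(f"{count:3d}  {kind}")
```
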