Date: Mon, 14 Apr 2003 08:15:20 -0700
From: Sêrêciya Kurdistanî
To: freebsd-security@freebsd.org
Subject: Re: strange connection attempts
Message-ID: <20030414151520.GD33167@kurdistan.ath.cx>
In-Reply-To: <20030414113127.GB3861@blurp.one.pl>

Hello,

> And I have plenty of strange connection attempts on the UDP protocol
>
> Connection attempt to UDP xx.xx.x.xxx:55414 from 192.43.172.34:53
> Apr 13 23:56:53 pals /kernel: Connection attempt to UDP xx.xx.x.xxx:55414 from 192.43.172.34:53
> Connection attempt to UDP xx.xx.x.xxx:12545 from 192.42.93.36:53
> Apr 13 23:56:54 pals /kernel: Connection attempt to UDP xx.xx..xxx:12545 from 192.42.93.36:53
> Connection attempt to UDP xx.xx.x.xxx:44308 from 192.42.93.36:53
>
> I know that those connections are from DNS, but why does the kernel log such a thing?
> I have a stateful firewall and all traffic to any port on the UDP protocol is denied, and
> only those UDP datagrams from my resolver are passed back through dynamic rules.

Which is your IP address? The "xxx" or the 192.42.93.36? If your
address is the "xxx" then you're fine. DNS often uses the UDP protocol.
However, if it's the other way around and your address is 192.42... then
it means that the upstream DNS server is trying to get updates from you.
Are you running a DNS server yourself?

--$êrêciya Kurdistanî

+--------------------------------------------------------------+
| Welat xwe ava nake, dest bidin hevdu, pist nedin tu dijminî  |
| Riya azadiyê ne hêsan e, hêviya xwe bernedin, dema me        |
| nêzîk e.                                                     |
|                                                              |
| Hevaltî bi kesên du rû nekin, hevaltî bi hevdu ra bikin      |
| Ne ji hevaltiya wan kesên pêxwas û rû dirêj, ne bi wan       |
| kesên xwînperest, ne jî ji yên din.                          |
|                                                              |
| -$êrêciya Kurdistanî                                         |
+--------------------------------------------------------------+
translation provided on request: sereciya@kurdistan.ath.cx
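
An added example, not part of the original message: a small parser for the "Connection attempt to" kernel log lines quoted above. It collapses the bare and syslog-prefixed copies of each event and groups the rest by remote source, noting whether every packet came from port 53. The function names `parse` and `summarize` are this example's own.

```python
import re

# Log lines copied from the quoted message above (the poster redacted the
# destination address with "x"). Each event appears both bare and with a
# syslog prefix, so a naive count would double every event.
SAMPLE = """\
Connection attempt to UDP xx.xx.x.xxx:55414 from 192.43.172.34:53
Apr 13 23:56:53 pals /kernel: Connection attempt to UDP xx.xx.x.xxx:55414 from 192.43.172.34:53
Connection attempt to UDP xx.xx.x.xxx:12545 from 192.42.93.36:53
Apr 13 23:56:54 pals /kernel: Connection attempt to UDP xx.xx..xxx:12545 from 192.42.93.36:53
Connection attempt to UDP xx.xx.x.xxx:44308 from 192.42.93.36:53
"""

LINE = re.compile(
    r"Connection attempt to (?P<proto>UDP|TCP) "
    r"(?P<dst>[0-9x.]+):(?P<dport>\d+) from "
    r"(?P<src>[0-9.]+):(?P<sport>\d+)\s*$"
)

def parse(text):
    """Return unique (proto, local_port, src, src_port) events in log order."""
    seen, events = set(), []
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # unrelated log line
        # The destination is left out of the key: its redaction is inconsistent.
        # Assumption: one source rarely hits the same local port twice.
        key = (m["proto"], int(m["dport"]), m["src"], int(m["sport"]))
        if key not in seen:
            seen.add(key)
            events.append(key)
    return events

def summarize(events):
    """Group events by remote source; flag sources that only sent from port 53."""
    out = {}
    for _proto, dport, src, sport in events:
        entry = out.setdefault(src, {"events": 0, "local_ports": [], "all_from_53": True})
        entry["events"] += 1
        entry["local_ports"].append(dport)
        entry["all_from_53"] &= (sport == 53)
    return out

if __name__ == "__main__":
    for src, info in summarize(parse(SAMPLE)).items():
        print(src, info)
```
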