From owner-freebsd-security@FreeBSD.ORG Mon Apr 14 12:44:10 2003
Date: Mon, 14 Apr 2003 21:44:31 +0200
From: GiZmen
To: freebsd-security@FreeBSD.ORG
Subject: Re: strange connection attempts
Message-ID: <20030414194431.GA48589@blurp.one.pl>
In-Reply-To: <20030414151520.GD33167@kurdistan.ath.cx>
References: <20030414113127.GB3861@blurp.one.pl> <20030414151520.GD33167@kurdistan.ath.cx>

> Hello,
>
> > And I have plenty of strange connection attempts on the UDP protocol
> >
> > Connection attempt to UDP xx.xx.x.xxx:55414 from 192.43.172.34:53
> > Apr 13 23:56:53 pals /kernel: Connection attempt to UDP xx.xx.x.xxx:55414 from 192.43.172.34:53
> > Connection attempt to UDP xx.xx.x.xxx:12545 from 192.42.93.36:53
> > Apr 13 23:56:54 pals /kernel: Connection attempt to UDP xx.xx..xxx:12545 from 192.42.93.36:53
> > Connection attempt to UDP xx.xx.x.xxx:44308 from 192.42.93.36:53
> >
> > I know that those connections are from DNS, but why does the kernel log such things?
> > I have a stateful firewall, and all traffic to any port on the UDP protocol is denied;
> > only those UDP datagrams from my resolver are passed back through dynamic rules.
>
> Which is your IP address? The "xxx" or the 192.42.93.36?
>
> If your address is the "xxx" then you're fine. DNS often uses the UDP
> protocol.
>
> However, if it's the other way around and your address is 192.42...
> then, it means that the upstream DNS server is trying to get updates from
> you.
>
> Are you running a DNS server yourself?
---end quoted text---

My address is "xxx" and 192.43..... is an example address of a DNS server.
I know that DNS uses the UDP protocol, but is it normal to have these
connection attempts? I'm running only a local dnscache (from djbdns) on my
box. I don't have any DNS server. I have plenty of such connections from
DNS servers, and I turned off sysctl net.inet.udp.log_in_vain=0 because this
starts to annoy me :(

--
Best Regards: GiZmen
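
Added example, not part of the original message: a small Python triage for kernel lines in the format quoted above, grouping them by source address and source port so that port-53 senders can be separated from everything else. The names `parse`, `summarize` and `SAMPLE`, the verdict labels and the documentation-range addresses are constructed for illustration; reading port-53 sources that hit only unprivileged ports as DNS answers arriving after the local cache closed its query socket is an assumption this thread does not confirm.

```python
import re
from collections import defaultdict

# Matches the kernel message with or without the syslog prefix
# ("Apr 13 23:56:53 pals /kernel: ...").
LINE_RE = re.compile(
    r"Connection attempt to UDP (?P<dst>\S+):(?P<dport>\d+) "
    r"from (?P<src>\S+):(?P<sport>\d+)\s*$"
)

def parse(line):
    """Return (src, sport, dst, dport), or None for unrelated lines."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return m["src"], int(m["sport"]), m["dst"], int(m["dport"])

def summarize(lines):
    """Map (src, sport) -> destination ports hit and a triage verdict."""
    # A set collapses the console copy and the syslog copy of one event.
    events = {e for e in map(parse, lines) if e}
    by_src = defaultdict(set)
    for src, sport, _dst, dport in events:
        by_src[(src, sport)].add(dport)
    report = {}
    for key, dports in by_src.items():
        # Assumption: source port 53 plus only unprivileged destination
        # ports looks like a late DNS answer. The source port is chosen by
        # the sender, so this is a triage hint, not proof.
        dns_like = key[1] == 53 and min(dports) >= 1024
        report[key] = {
            "ports": sorted(dports),
            "verdict": "dns-reply-like" if dns_like else "review",
        }
    return report

# Constructed sample; addresses come from the documentation ranges.
SAMPLE = """\
Connection attempt to UDP 192.0.2.10:55414 from 198.51.100.34:53
Apr 13 23:56:53 pals /kernel: Connection attempt to UDP 192.0.2.10:55414 from 198.51.100.34:53
Apr 13 23:56:54 pals /kernel: Connection attempt to UDP 192.0.2.10:12545 from 198.51.100.36:53
Apr 13 23:56:54 pals /kernel: Connection attempt to UDP 192.0.2.10:44308 from 198.51.100.36:53
Apr 13 23:57:10 pals /kernel: Connection attempt to UDP 192.0.2.10:137 from 203.0.113.7:1026
Apr 13 23:57:11 pals /kernel: Connection attempt to UDP 192.0.2.10:161 from 203.0.113.7:1026
Apr 13 23:57:12 pals sshd[311]: unrelated line
""".splitlines()

if __name__ == "__main__":
    for (src, sport), info in sorted(summarize(SAMPLE).items()):
        print(f"{src}:{sport} -> {info['ports']} {info['verdict']}")
```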