Date:      Mon, 14 Apr 2003 13:03:25 -0700
From:      "Crist J. Clark" <crist.clark@attbi.com>
To:        GiZmen <gizmen@pals.one.pl>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: strange connection attempts
Message-ID:  <20030414200325.GB21249@blossom.cjclark.org>
In-Reply-To: <20030414194431.GA48589@blurp.one.pl>
References:  <20030414113127.GB3861@blurp.one.pl> <20030414151520.GD33167@kurdistan.ath.cx> <20030414194431.GA48589@blurp.one.pl>


On Mon, Apr 14, 2003 at 09:44:31PM +0200, GiZmen wrote:
[snip]

> my address is "xxx" and 192.43..... is an example address of dns server.
> 
> I know that dns uses a udp protocol but is it normal to have these connection
> attempts??

Someone else already explained this. It comes down to: the timeout of
your DNS application is shorter than the timeout on the firewall. Your
DNS application sends out a query and waits... and gives up. When it
gives up, it closes the socket. However, the DNS server Out There
manages to still return a response some time later. Your firewall has
not timed out the UDP "connection" yet, so the response comes
through. But there is no listening socket anymore, so it gets
logged_in_vain.
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org
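
An added example, not part of the original message: a small triage script for the situation described above, separating late DNS replies from known resolvers from other UDP log_in_vain entries. The log line shape (what the kernel writes when `net.inet.udp.log_in_vain=1`), the sample lines, and the resolver address are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed kernel message shape for UDP log_in_vain entries (not shown in the thread).
LINE_RE = re.compile(
    r"Connection attempt to UDP (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"from (?P<src>[\d.]+):(?P<sport>\d+)"
)

# Constructed sample log lines; all addresses are documentation ranges.
SAMPLE_LOG = """\
Apr 14 11:20:01 host /kernel: Connection attempt to UDP 203.0.113.5:1047 from 192.0.2.53:53
Apr 14 11:20:09 host /kernel: Connection attempt to UDP 203.0.113.5:1051 from 192.0.2.53:53
Apr 14 11:21:30 host /kernel: Connection attempt to UDP 203.0.113.5:137 from 198.51.100.7:1026
Apr 14 11:22:02 host /kernel: Connection attempt to UDP 203.0.113.5:1060 from 198.51.100.99:53
"""

def classify(line, resolvers):
    """Return (label, src) for one UDP log_in_vain line, or None for any other line."""
    m = LINE_RE.search(line)
    if not m:
        return None
    sport, dport = int(m["sport"]), int(m["dport"])
    # A reply from port 53 to an unprivileged local port matches the pattern of
    # a DNS answer arriving after the querying socket was already closed.
    if sport == 53 and dport >= 1024:
        if m["src"] in resolvers:
            return ("late-dns-reply", m["src"])
        # Same shape, but from a host we never configured as a resolver.
        return ("dns-port-unknown-source", m["src"])
    return ("other", m["src"])

def summarize(log_text, resolvers):
    """Count log entries per (label, source address)."""
    counts = Counter()
    for line in log_text.splitlines():
        result = classify(line, resolvers)
        if result:
            counts[result] += 1
    return counts

if __name__ == "__main__":
    # Resolver set is hypothetical; in practice take it from /etc/resolv.conf.
    for (label, src), n in sorted(summarize(SAMPLE_LOG, {"192.0.2.53"}).items()):
        print(f"{n:3d}  {label:24s} {src}")
```

Entries labelled `late-dns-reply` fit the timeout mismatch explained above; the other two labels are the ones to look at by hand.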


