From owner-freebsd-questions@FreeBSD.ORG Sat Feb 7 04:26:51 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6B84C16A4CF for ; Sat, 7 Feb 2004 04:26:51 -0800 (PST) Received: from plushosting.nl (t-x.dignus.nl [217.148.174.52]) by mx1.FreeBSD.org (Postfix) with ESMTP id 43D0C43D1F for ; Sat, 7 Feb 2004 04:26:51 -0800 (PST) (envelope-from me@colin-raven.com) Received: from t-x.dignus.nl (t-x.dignus.nl [127.0.0.1]) by plushosting.nl (Postfix) with SMTP id 6F7C9250A6; Sat, 7 Feb 2004 13:26:49 +0100 (CET) Received: from 62.251.72.148 (SquirrelMail authenticated user colin) by t-x.dignus.nl with HTTP; Sat, 7 Feb 2004 13:26:49 +0100 (CET) Message-ID: <45808.62.251.72.148.1076156809.squirrel@t-x.dignus.nl> In-Reply-To: <20040207125111.645af687.krylon@gmx.net> References: <20040207125111.645af687.krylon@gmx.net> Date: Sat, 7 Feb 2004 13:26:49 +0100 (CET) From: "Colin Raven" To: "Benjamin Walkenhorst" User-Agent: SquirrelMail/1.4.2 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 Importance: Normal cc: freebsd-questions@freebsd.org Subject: Re: Strange connect attempts X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: me@colin-raven.com List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 07 Feb 2004 12:26:51 -0000 > Under FreeBSD 5.2-RELEASE on i386 I get lots of kernel messages like > this one: > > Feb 7 12:38:01 neuromancer kernel: Connection attempt to UDP > 127.0.0.1:512 from 127.0.0.1:49383 > > /etc/services has this to say on Port 512/udp: > biff 512/udp comsat #used by mail system to notify > users > > Is there any way I can get rid of these messages? From the fact they > show up on my console, I assume port 512 is not open. Should I open it? > The machine is on a local network with me being the only user, so > security considerations aren't that important, really. =) > On the other hand, what do I need it for? I'd rather have it just shut > up. > > Any hints? Comment out anything to do with 512 in /etc/services thusly: #exec 512/tcp #biff 512/udp (I have both tcp and udp traffic disabled, there just isn't any need for either port to be in use) If in doubt BTW, make yourself a changelog somewhere in your $HOME and in that file record EXACTLY what you do each time something like this happens. Then if something quits working for no readily apparent reason, go back to your changelog and decide what to redo...but one thing at a time until whatever quit works again. Anyway, I digress...back to this matter: Check /etc/inted.conf, look for the entry: comsat dgram udp wait tty:tty /usr/libexec/comsat comsat Comment it out as shown with a "#": #comsat dgram udp wait tty:tty /usr/libexec/comsat comsat As root, stop and restart inetd: [root@snotbox] # ps -aux |grep inetd root 111 0.0 0.1 1096 600 ?? Ss Thu02PM 0:00.32 /usr/sbin/inetd -wW root 30881 0.0 0.0 272 148 p0 R+ 1:16PM 0:00.00 grep inetd [root@snotbox] # kill -HUP 111 Regards & HTH, -Colin