From owner-freebsd-security Sun Feb 23 20:36:28 2003
Date: Sun, 23 Feb 2003 21:36:05 +0200
From: Giorgos Keramidas <keramida@ceid.upatras.gr>
To: Alexander Anderson
Cc: freebsd-security@FreeBSD.org
Subject: Re: FireDNS and net.inet.udp.log_in_vain
Message-ID: <20030223193605.GD3812@gothmog.gr>
References: <873cmmpc16.wl@bemidji.meridian-enviro.com> <1045544795.19726.3.camel@sambo.fud.org.nz> <20030222171054.GA97944@dusty.upful.org>
In-Reply-To: <20030222171054.GA97944@dusty.upful.org>

On 2003-02-22 12:10, Alexander Anderson wrote:
> > > Connection attempt to UDP : from
> > > :53
> >
> > I believe this is caused when the dns server is slow/overloaded, the
> > resolver queries the server but the packet arrives back after the local
> > port is closed.
>
> Is there any way to set up a rule in IPFW to drop such packets?
>
> Or, as a workaround, is there a way to set up syslog to ignore these
> "connection attempts"?

IIRC, this is a connection attempt to a port that doesn't have a listener.
By default, they're not logged:

$ sysctl -a | grep vain
net.inet.tcp.log_in_vain: 0
net.inet.udp.log_in_vain: 0
$

You must have enabled log_in_vain in your rc.conf, right?
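The "Connection attempt to UDP ... from ...:53" messages discussed in this thread can be handled on the log side rather than at the packet filter. The script below is an added example, not code from the thread, from FreeBSD, or from FireDNS: it parses the kernel's log_in_vain lines, flags those whose source port is 53 and whose destination is an ephemeral port as late DNS replies, and passes everything else through. The sample log lines, the host name "gw", the function names and the 1024 ephemeral-port floor are constructed assumptions for the example.

```shell
#!/bin/sh
# Added example (not from the thread or FreeBSD): classify and filter
# net.inet.udp.log_in_vain kernel messages so that late DNS replies do not
# drown out genuinely interesting unsolicited UDP traffic.

# Assumption: the local resolver uses ports at or above 1024, so a packet
# from source port 53 to a port >= 1024 is most likely a reply to a query
# whose socket has already been closed.
EPHEMERAL_LOW=1024

# Constructed sample log lines (documentation addresses, made-up host name).
SAMPLE_LOG='Feb 23 20:36:01 gw kernel: Connection attempt to UDP 192.0.2.10:61234 from 198.51.100.5:53
Feb 23 20:36:05 gw kernel: Connection attempt to UDP 192.0.2.10:111 from 203.0.113.9:4444
Feb 23 20:36:07 gw kernel: Connection attempt to TCP 192.0.2.10:22 from 203.0.113.9:50000
Feb 23 20:36:09 gw kernel: Connection attempt to UDP 192.0.2.10:53 from 203.0.113.9:53
Feb 23 20:36:11 gw kernel: Connection attempt to UDP 192.0.2.10:53421 from 198.51.100.6:53
Feb 23 20:36:12 gw sshd[123]: Accepted publickey for admin from 192.0.2.20'

# classify_line LINE
# Prints one word: stale-dns-reply, udp-other, tcp or ignore.
classify_line() {
    printf '%s\n' "$1" | awk -v low="$EPHEMERAL_LOW" '
    {
        n = index($0, "Connection attempt to ")
        if (n == 0) { print "ignore"; exit }
        # Remaining text: "<PROTO> <dst-ip>:<dst-port> from <src-ip>:<src-port>"
        split(substr($0, n + length("Connection attempt to ")), f, " ")
        if (f[1] != "UDP") { print "tcp"; exit }
        split(f[2], dst, ":")
        split(f[4], src, ":")
        # Source port 53 aimed at an ephemeral port: a DNS answer that arrived
        # after the resolver closed its socket.  Source port 53 aimed at a low
        # port (e.g. our own 53 with no name server running) is a query or a
        # probe, not a stale reply, and stays visible.
        if (src[2] == "53" && dst[2] + 0 >= low) { print "stale-dns-reply"; exit }
        print "udp-other"
    }'
}

# filter_noise: read log lines on stdin, pass through everything except
# stale DNS replies.  Suitable for: tail -f /var/log/messages | filter_noise
filter_noise() {
    while IFS= read -r line; do
        [ "$(classify_line "$line")" = stale-dns-reply ] || printf '%s\n' "$line"
    done
}

# count_class LOG CLASS: number of lines in LOG that classify as CLASS.
count_class() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        classify_line "$line"
    done | grep -c -x "$2"
}

# Demo run on the constructed sample: prints the four lines that are not
# late DNS replies.
printf '%s\n' "$SAMPLE_LOG" | filter_noise
```

A static ipfw deny rule matching UDP source port 53 would also discard the replies your resolver is still waiting for; distinguishing wanted from unwanted replies at the packet filter needs stateful rules (ipfw keep-state/check-state), which is why filtering the log output is the lower-risk workaround.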