Date: 27 Oct 2002 13:15:02 +0000
From: Stacey Roberts <stacey@Demon.vickiandstacey.com>
To: FreeBSD Questions <freebsd-questions@FreeBSD.ORG>
Subject: FBSD 4.7 reset itself - lots of "DENY UDP" messages in /var/log/security
Message-ID: <1035724504.394.12.camel@Demon.vickiandstacey.com>

Hello,
Within the last few minutes, my FreeBSD g'way reset itself.
On coming up, I checked all available logs, and found the following in
/var/log/security:
Oct 27 12:59:22 Demon /kernel: ipfw: 910 Deny UDP 192.168.1.8:53 192.33.4.12:53 out via sis0
Oct 27 12:59:30 Demon last message repeated 8 times
Oct 27 12:59:34 Demon /kernel: ipfw: 910 Deny UDP 192.168.1.8:53 192.112.36.4:53 out via sis0
Oct 27 12:59:36 Demon /kernel: ipfw: 910 Deny UDP 192.168.1.8:53 192.112.36.4:53 out via sis0
Oct 27 12:59:36 Demon /kernel: Connection attempt to UDP 127.0.0.1:1077 from 127.0.0.1:53
Oct 27 12:59:36 Demon /kernel: Connection attempt to UDP 127.0.0.1:1076 from 127.0.0.1:53
Oct 27 12:59:36 Demon /kernel: Connection attempt to UDP 127.0.0.1:1075 from 127.0.0.1:53
Oct 27 12:59:36 Demon /kernel: Connection attempt to UDP 127.0.0.1:1074 from 127.0.0.1:53
Oct 27 12:59:36 Demon /kernel: Connection attempt to UDP 127.0.0.1:1073 from 127.0.0.1:53
Oct 27 12:59:36 Demon /kernel: Connection attempt to UDP 127.0.0.1:1071 from 127.0.0.1:53
Oct 27 12:59:36 Demon /kernel: Connection attempt to UDP 127.0.0.1:1072 from 127.0.0.1:53
Oct 27 12:59:38 Demon /kernel: ipfw: 910 Deny UDP 192.168.1.8:53 128.63.2.53:53 out via sis0
Oct 27 12:59:42 Demon /kernel: ipfw: 910 Deny UDP 192.168.1.8:53 128.9.0.107:53 out via sis0
Oct 27 12:59:44 Demon /kernel: Connection attempt to UDP 127.0.0.1:1078 from 127.0.0.1:53
Oct 27 12:59:46 Demon /kernel: ipfw: 910 Deny UDP 192.168.1.8:53 193.0.14.129:53 out via sis0
<Messages repeated here - snip>
Oct 27 13:00:06 Demon /kernel: ipfw: 910 Deny UDP 192.168.1.8:53 192.5.5.241:53 out via sis0
#
I recognised the remote addresses to be those of DNS root servers, to
verify:
# nslookup 192.203.230.10
Server: localhost.vickiandstacey.com
Address: 127.0.0.1
Name: E.ROOT-SERVERS.NET
Address: 192.203.230.10
#
Here's what I've got from running last:
Demon# last
stacey ttyp0 :0 Sun Oct 27 12:57 still logged in
stacey ttyv0 Sun Oct 27 12:56 still logged in
reboot ~ Sun Oct 27 12:56
stacey ttyp2 :0 Sun Oct 27 00:52 - 01:18 (00:25)
stacey ttyp0 :0 Sun Oct 27 00:18 - crash (13:37)
stacey ttyp2 :0 Sat Oct 26 21:15 - 00:15 (03:00)
stacey ttyp2 :0 Fri Oct 25 20:59 - 23:02 (02:02)
stacey ttyp2 :0 Fri Oct 25 19:45 - 20:25 (00:40)
stacey ttyp1 :0 Wed Oct 23 22:50 - 23:19 (00:29)
stacey ttyp0 :0 Wed Oct 23 22:41 - 00:15 (3+01:34)
Is anyone able to point me to what went wrong here? I suspect it's got
something to do with the tons of ipfw DENY messages, but I wouldn't know
where to start with this.
Here's the uname:
# uname -a
FreeBSD De<snip> 4.7-STABLE FreeBSD 4.7-STABLE #0: Sat Oct 12 10:04:03 BST 2002 root@<snip>.vickiandstacey.com:/usr/obj/usr/src/sys/FALCON i386
#
I'm running named in a sandbox here, and would have thought that this
set-up would have prevented a crash of this nature (if it is indeed that
the crash is related to DNS).
Anything that you need, please let me know.
TIA
Stacey
--
Stacey Roberts
B.Sc (HONS) Computer Science
Web: www.vickiandstacey.com
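Added example, not part of the original message: a Python summary of ipfw entries in the /var/log/security format quoted above, which counts hits per rule and destination and credits syslog's "last message repeated N times" lines to the entry they follow. The function name summarize is hypothetical, and the code assumes one log entry per line and TCP/UDP entries with ports, as in the quoted lines.

```python
import re
from collections import Counter

# Sample constructed from log lines quoted in the message, one entry per line
# (the wrapping introduced by the mail client is undone).
SAMPLE = """\
Oct 27 12:59:22 Demon /kernel: ipfw: 910 Deny UDP 192.168.1.8:53 192.33.4.12:53 out via sis0
Oct 27 12:59:30 Demon last message repeated 8 times
Oct 27 12:59:34 Demon /kernel: ipfw: 910 Deny UDP 192.168.1.8:53 192.112.36.4:53 out via sis0
Oct 27 12:59:36 Demon /kernel: ipfw: 910 Deny UDP 192.168.1.8:53 192.112.36.4:53 out via sis0
Oct 27 12:59:36 Demon /kernel: Connection attempt to UDP 127.0.0.1:1077 from 127.0.0.1:53
Oct 27 12:59:38 Demon /kernel: ipfw: 910 Deny UDP 192.168.1.8:53 128.63.2.53:53 out via sis0
"""

# ipfw log entry: rule number, action, protocol, src, dst, direction, interface.
IPFW = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+:\d+) (?P<dst>[\d.]+:\d+) (?P<dir>in|out) via (?P<iface>\w+)"
)
REPEAT = re.compile(r"last message repeated (\d+) times")


def summarize(text):
    """Count ipfw hits per (rule, action, src, dst, direction, interface)."""
    counts = Counter()
    prev = None  # key of the preceding ipfw entry, or None if it was something else
    for line in text.splitlines():
        m = IPFW.search(line)
        if m:
            prev = (m["rule"], m["action"], m["src"], m["dst"], m["dir"], m["iface"])
            counts[prev] += 1
        elif prev is not None and (r := REPEAT.search(line)):
            # syslog collapsed N identical copies of the preceding ipfw entry
            counts[prev] += int(r.group(1))
        else:
            # unrelated kernel message: a later "repeated" line is not ours
            prev = None
    return counts


if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
```
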
