From owner-freebsd-security  Mon Feb 17 21: 4:40 2003
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 54F9637B401; Mon, 17 Feb 2003 21:04:37 -0800 (PST)
Received: from smtp.fud.org.nz (203-79-83-205.cable.paradise.net.nz [203.79.83.205])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 1280543F85; Mon, 17 Feb 2003 21:04:36 -0800 (PST)
	(envelope-from andy@fud.org.nz)
Received: from [192.168.0.30] (sambo.fud.org.nz [192.168.0.30])
	by smtp.fud.org.nz (Postfix) with ESMTP
	id 3789958; Tue, 18 Feb 2003 18:16:13 +1300 (NZDT)
Subject: Re: FireDNS and net.inet.udp.log_in_vain
From: Andrew Thompson <andy@fud.org.nz>
To: "Douglas K. Rand" <rand@meridian-enviro.com>
Cc: freebsd-security@freebsd.org, freebsd-ports@freebsd.org
In-Reply-To: <873cmmpc16.wl@bemidji.meridian-enviro.com>
References: <873cmmpc16.wl@bemidji.meridian-enviro.com>
Content-Type: text/plain
Organization: 
Message-Id: <1045544795.19726.3.camel@sambo.fud.org.nz>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.2.2 
Date: 18 Feb 2003 18:06:35 +1300
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Tue, 2003-02-18 at 15:17, Douglas K. Rand wrote:
> I've been playing with MessageWall on one of our systems, and I
> noticed that we've been getting a lot of messages like:
> 
>   Connection attempt to UDP <our-ip>:<port-above-1024> from <ip-addr-in-resolv.conf>:53
> 
> in our logs. I have log_in_vain="YES" in my /etc/rc.conf, which sets:
> 
>    net.inet.tcp.log_in_vain: 1
>    net.inet.udp.log_in_vain: 1
> 
> Has anybody else noticed this, and is there a solution other than
> "Ignore those log messages" or "Unset net.inet.udp.log_in_vain"? (Both
> of these solutions /are/ fairly reasonable.)
> 

I believe this is caused when the dns server is slow/overloaded, the
resolver queries the server but the packet arrives back after the local
port is closed.  

Andy



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message