Date: Sun, 23 Feb 2003 21:36:05 +0200
From: Giorgos Keramidas <keramida@ceid.upatras.gr>
To: Alexander Anderson <alex@upful.org>
Cc: freebsd-security@FreeBSD.org
Subject: Re: FireDNS and net.inet.udp.log_in_vain
Message-ID: <20030223193605.GD3812@gothmog.gr>
In-Reply-To: <20030222171054.GA97944@dusty.upful.org>
References: <873cmmpc16.wl@bemidji.meridian-enviro.com> <1045544795.19726.3.camel@sambo.fud.org.nz> <20030222171054.GA97944@dusty.upful.org>
On 2003-02-22 12:10, Alexander Anderson <alex@upful.org> wrote:
> > > Connection attempt to UDP <our-ip>:<port-above-1024> from
> > > <ip-addr-in-resolv.conf>:53
> >
> > I believe this is caused when the dns server is slow/overloaded, the
> > resolver queries the server but the packet arrives back after the local
> > port is closed.
>
> Is there any way to set up a rule in IPFW to drop such packets?
>
> Or, as a workaround, is there a way to set up syslog to ignore these
> "connection attempts"?

IIRC, this is a connection attempt to a port that doesn't have a listener.
By default, they're not logged:

$ sysctl -a | grep vain
net.inet.tcp.log_in_vain: 0
net.inet.udp.log_in_vain: 0
$

You must have enabled log_in_vain in your rc.conf, right?

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
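A triage filter for the log_in_vain messages discussed in this thread, added here as an example and not part of any message in it: it separates late replies from the resolvers listed in resolv.conf (source port 53, local port above 1024, as the quoted message format describes) from anything else that hit a closed UDP port. The resolv.conf contents and syslog lines are constructed samples in the format quoted above, not the poster's real data.

```shell
#!/bin/sh
# Added example: triage log_in_vain UDP messages so that late DNS replies
# from the configured resolvers can be separated from anything else.

# Constructed stand-in for /etc/resolv.conf (not the poster's real file).
RESOLV_CONF_SAMPLE='nameserver 192.0.2.53
nameserver 198.51.100.53
search example.org'

# Constructed syslog lines in the format quoted in the thread.
LOG_SAMPLE='Feb 22 12:10:01 dusty kernel: Connection attempt to UDP 192.0.2.10:49152 from 192.0.2.53:53
Feb 22 12:10:07 dusty kernel: Connection attempt to UDP 192.0.2.10:1434 from 203.0.113.9:40211
Feb 22 12:10:09 dusty kernel: Connection attempt to UDP 192.0.2.10:33434 from 198.51.100.53:53'

# resolvers_from: print the nameserver addresses found in resolv.conf text ($1).
resolvers_from() {
    printf '%s\n' "$1" | awk '$1 == "nameserver" { print $2 }'
}

# classify_vain: read syslog lines on stdin, with resolv.conf text as $1.
# A line is a late DNS reply when the source is a configured resolver on
# port 53 and the local port is above 1024 (an ephemeral resolver socket).
# Prints "late-dns-reply <line>" or "other <line>" for each matching line.
classify_vain() {
    resolvers=$(resolvers_from "$1" | tr '\n' ' ')
    awk -v resolvers="$resolvers" '
        BEGIN { n = split(resolvers, r, " "); for (i = 1; i <= n; i++) known[r[i]] = 1 }
        /Connection attempt to UDP/ {
            # Layout: "... to UDP <local-ip>:<local-port> from <src-ip>:<src-port>"
            for (i = 1; i <= NF; i++) if ($i == "UDP") { dst = $(i + 1); src = $(i + 3) }
            split(dst, d, ":"); split(src, s, ":")
            if ((s[1] in known) && s[2] == 53 && d[2] + 0 > 1024)
                print "late-dns-reply " $0
            else
                print "other " $0
        }'
}

# count_late_replies / count_other: counts over the constructed sample.
count_late_replies() {
    printf '%s\n' "$LOG_SAMPLE" | classify_vain "$RESOLV_CONF_SAMPLE" | grep -c '^late-dns-reply '
}
count_other() {
    printf '%s\n' "$LOG_SAMPLE" | classify_vain "$RESOLV_CONF_SAMPLE" | grep -c '^other '
}

printf '%s\n' "$LOG_SAMPLE" | classify_vain "$RESOLV_CONF_SAMPLE"
```

On a live system, feed it `grep 'Connection attempt to UDP' /var/log/messages` and the real `/etc/resolv.conf`; the "other" lines are the ones worth looking at before deciding to turn the logging off.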