Date:      Mon, 14 Apr 2003 21:44:31 +0200
From:      GiZmen <gizmen@pals.one.pl>
To:        freebsd-security@FreeBSD.ORG
Subject:   Re: strange connection attempts
Message-ID:  <20030414194431.GA48589@blurp.one.pl>
In-Reply-To: <20030414151520.GD33167@kurdistan.ath.cx>
References:  <20030414113127.GB3861@blurp.one.pl> <20030414151520.GD33167@kurdistan.ath.cx>


> Hello,
> 
> > And I have plenty of strange connection attempts on the UDP protocol
> > 
> >  Connection attempt to UDP xx.xx.x.xxx:55414 from 192.43.172.34:53                                 
> >  Apr 13 23:56:53 pals /kernel: Connection attempt to UDP xx.xx.x.xxx:55414 from 192.43.172.34:53   
> >  Connection attempt to UDP xx.xx.x.xxx:12545 from 192.42.93.36:53                                  
> >  Apr 13 23:56:54 pals /kernel: Connection attempt to UDP xx.xx..xxx:12545 from 192.42.93.36:53    
> >  Connection attempt to UDP xx.xx.x.xxx:44308 from 192.42.93.36:53
> > 
> > I know that those connections are from DNS, but why does the kernel log such things?
> > I have a stateful firewall, and all traffic to any port on the UDP protocol is denied, and
> > only those UDP datagrams from my resolver are passed back through dynamic rules.
> 
>   Which is your ip address?  the "xxx" or the 192.42.93.36?
> 
>   If your address is the "xxx" then you're fine.  DNS often uses the udp
>   protocol.
> 
>   However, if it's the other way around and your address is 192.42...
>   then, it means that the upstream DNS server is trying to get updates from
>   you.
> 
>   Are you running a DNS server yourself?
---end quoted text---

My address is "xxx" and 192.43..... is an example address of a DNS server.

I know that DNS uses the UDP protocol, but is it normal to have these connection
attempts??

I'm running only a local dnscache (from djbdns) on my box. I don't have any DNS server.
I have plenty of such connections from DNS servers, and I turned off sysctl
net.inet.udp.log_in_vain=0
because this starts to annoy me :(

-- 
Best Regards:
		GiZmen


