Date:      Wed, 10 Apr 2002 07:36:46 -0700 (PDT)
From:      X Philius <xphilius@yahoo.com>
To:        freebsd-security@freebsd.org
Subject:   Mysterious entries in kernel log relating to DNS
Message-ID:  <20020410143646.56360.qmail@web11807.mail.yahoo.com>

Security Folks,
I am running 4.4 Release, and I have Bind 9.02 running on my box. I am
authoritative for a domain or two, and use my own name server for
resolution within my server (i.e. with lynx, nslookup or dig). Everything
seems to work fine DNS-wise, I can always get resolution, and my DNS
setup appears to work correctly from the net at large (according to the
DNS tester at declude.com, and the fact that I can access the domains I
am authoritative on from another ISP, etc.).

Question:
Periodically (a few times a week) I get these entries in the security
email automagically sent by the standard scripts in periodic. Sometimes
there are many of them, and sometimes there are only a few or none. I
*am* using IPFW, however these entries are not being blocked by my last
rule, which I have numbered 999 (an example entry that *is* being
blocked by rule number 999 is also pasted below for clarity). My
understanding is that this log entry means that an attempt is being
made by localhost to access the name server on localhost, but that bind
is not listening or the request is malformed. I realize that this may
not be a question for security, but it *is* generated by the built-in
FreeBSD security scripts, so I thought I'd start here. Thanks in
advance for any light you can shed on this phenom.

Jason

> Connection attempt to UDP 127.0.0.1:4699 from 127.0.0.1:53
> Apr  9 03:06:02 {myservername} /kernel: Connection attempt to UDP 127.0.0.1:4699 from 127.0.0.1:53
> ipfw: 999 Deny ICMP:8.0 63.251.129.65 10.1.3.2 in via xl0


