Date: Sun, 23 Jul 2000 15:58:51 -0700 (PDT)
From: "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net>
To: mike@sentex.net (Mike Tancsa)
Cc: Stanley.Hopcroft@IPAustralia.Gov.AU (Stanley Hopcroft), security@FreeBSD.ORG
Subject: Re: What does this mean and how do I stop it ?
Message-ID: <200007232258.PAA46731@gndrsh.dnsmgr.net>
In-Reply-To: <4.2.2.20000723181947.04949220@mail.sentex.net> from Mike Tancsa at "Jul 23, 2000 06:22:04 pm"

> At 08:56 AM 7/24/00 +1000, Stanley Hopcroft wrote:
> >Dear Ladies and Gentlemen,
> >
> >These entries appear frequently in the daily security report of a
> >FreeBSD 4.0-RELEASE machine (Bind 8.2.x)
> >
> > > Connection attempt to UDP 127.0.0.1:2343 from 127.0.0.1:53
> >
> >What do they mean and if they are not signs of bad things how can I get
> >rid of them ?
>
>
> It means a UDP packet from 127.0.0.1 port 53 got sent to 127.0.0.1 port
> 2343, but nothing there was listening. If you want to disable it type,
> sysctl net.inet.udp.log_in_vain=0

Hiding an error condition by not logging it does not make the error
condition go away.

Due to massive slowdowns in high level (i.e., root) nameservers the
timeouts used by the libc resolver should be tweaked. On our mx
machines we are seeing anyplace from 1/s to 20/s of these, and that
means if we had only waited slightly longer we could have probably
saved yet another packet from the internet.

--
Rod Grimes - KD7CAX @ CN85sl - (RWG25) rgrimes@gndrsh.dnsmgr.net

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
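
Added example, not part of the original message or of FreeBSD: a small triage script that keeps `log_in_vain` logging enabled and separates the late DNS answers discussed in the thread from other connection attempts to closed ports. The function names, the syslog prefix and the sample lines are constructed for illustration, and TCP entries are assumed to use the same layout as the UDP line quoted above.

```python
import re
from collections import Counter

# Message format as quoted in the thread; any syslog prefix before it is ignored.
# Assumption: TCP entries follow the same layout as the UDP one.
ENTRY = re.compile(
    r"Connection attempt to (?P<proto>UDP|TCP) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) from (?P<src>[\d.]+):(?P<sport>\d+)"
)

def classify(line):
    """Return (kind, fields) for a log_in_vain entry, or None for any other line."""
    m = ENTRY.search(line)
    if m is None:
        return None
    f = m.groupdict()
    # UDP from port 53 to a closed port: most likely a DNS answer that arrived
    # after the resolver timed out and closed its socket. Heuristic only, since
    # the source port is chosen by the sender.
    kind = "late_dns_reply" if (f["proto"], f["sport"]) == ("UDP", "53") else "other"
    return kind, f

def summarize(lines):
    """Count entries per kind, late replies per nameserver, and keep the rest for review."""
    kinds, nameservers, review = Counter(), Counter(), []
    for line in lines:
        hit = classify(line)
        if hit is None:
            continue
        kind, f = hit
        kinds[kind] += 1
        if kind == "late_dns_reply":
            nameservers[f["src"]] += 1
        else:
            review.append(f"{f['proto']} {f['src']}:{f['sport']} -> {f['dst']}:{f['dport']}")
    return kinds, nameservers, review

# Constructed sample lines (not taken from a real host).
SAMPLE = [
    "Jul 23 15:40:01 mx1 /kernel: Connection attempt to UDP 127.0.0.1:2343 from 127.0.0.1:53",
    "Jul 23 15:40:01 mx1 /kernel: Connection attempt to UDP 127.0.0.1:2344 from 127.0.0.1:53",
    "Jul 23 15:40:07 mx1 /kernel: Connection attempt to UDP 192.0.2.10:2351 from 192.0.2.53:53",
    "Jul 23 15:41:12 mx1 /kernel: Connection attempt to TCP 192.0.2.10:23 from 198.51.100.7:4021",
    "Jul 23 15:41:30 mx1 sendmail[412]: unrelated line",
]

if __name__ == "__main__":
    kinds, nameservers, review = summarize(SAMPLE)
    print(dict(kinds), dict(nameservers), review)
```

A rising `late_dns_reply` count per nameserver points at resolver timeouts that are too short for that server, while the `review` list holds the entries that are not explained by slow DNS.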