Date: Mon, 24 Jul 2000 19:29:15 +0200
From: Gerhard Sittig
To: security@freebsd.org
Subject: Re: What does this mean and how do I stop it ?
Message-ID: <20000724192915.Z24476@speedy.gsinet>

On Mon, Jul 24, 2000 at 08:56 +1000, Stanley Hopcroft wrote:
>
> These entries appear frequently in the daily security report of
> a FreeBSD 4.0-RELEASE machine (Bind 8.2.x)
>
> > Connection attempt to UDP 127.0.0.1:2343 from 127.0.0.1:53

I don't care if everybody's telling you it's DNS *lookup* -- I
feel this is something different, since it's going *from* port 53
*to* something random(?). So this could be some kind of DNS
wakeup signal for secondaries ("notification", but I don't
believe it since there's probably no one listening and there's no
point in having localhost as localhost's secondary:). Or maybe
more probably it's a DNS _answer_ but it's arriving too late to
find the asking part listening? I'm not convinced by the other
replies. :)

But it's clear that you only notice them since log_in_vain is
set. Although the only log entry I get with this is biff
triggering at every email delivery (port 512).

If you feel that bind is too slow or too aggressive when putting
burden on your machine you might want to have a look at dnscache
(which was renamed lately to djbdns). It can be found in the
ports.

virtually yours   82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76
Gerhard Sittig   true | mail -s "get gpg key" Gerhard.Sittig@gmx.net
--
If you don't understand or are scared by any of the above
ask your parents or an adult to help you.
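
The reading suggested in the message above (a UDP packet *from* port 53 to a high port with no listener is a DNS answer that arrived after the asker stopped listening) can be turned into a small triage pass over log_in_vain entries. This is an added example, not part of the original message: the entry format is the one quoted in the report, the sample lines are constructed, and the labels and the 1024 port threshold are assumptions.

```python
import re
from collections import Counter

# Format of a log_in_vain entry as quoted in the report above.
ENTRY = re.compile(
    r"Connection attempt to (?P<proto>UDP|TCP) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) from (?P<src>[\d.]+):(?P<sport>\d+)"
)

# Constructed sample lines (not taken from a real system).
SAMPLE = """\
Connection attempt to UDP 127.0.0.1:2343 from 127.0.0.1:53
Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:1027
Connection attempt to UDP 127.0.0.1:3051 from 127.0.0.1:53
Connection attempt to TCP 192.0.2.10:23 from 198.51.100.7:40211
this line is not a log_in_vain entry
"""

def classify(line):
    """Return a triage label for one log line, or None if it does not match."""
    m = ENTRY.search(line)
    if m is None:
        return None
    proto, sport, dport = m["proto"], int(m["sport"]), int(m["dport"])
    if proto == "UDP" and sport == 53 and dport >= 1024:
        # Traffic *from* the DNS port to an ephemeral port is a reply, not a
        # query. Heuristic from the message: it probably arrived too late.
        return "late-dns-reply"
    if proto == "UDP" and dport == 512:
        # biff notification on mail delivery with nothing listening on 512.
        return "biff-notify"
    return "review"  # anything else deserves a human look

def summarize(text):
    """Count labels over a block of log text, ignoring non-matching lines."""
    labels = (classify(line) for line in text.splitlines())
    return Counter(label for label in labels if label)

if __name__ == "__main__":
    for label, count in summarize(SAMPLE).most_common():
        print(f"{count:4d}  {label}")
```
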