From owner-freebsd-security  Mon Jul 24 12:16:16 2000
Delivered-To: freebsd-security@freebsd.org
Received: from gollum.esys.ca (dhcp198-59.esys.ca [198.161.92.59])
	by hub.freebsd.org (Postfix) with ESMTP id DD92437B87C
	for <security@FreeBSD.ORG>; Mon, 24 Jul 2000 12:16:06 -0700 (PDT)
	(envelope-from lyndon@messagingdirect.com)
Received: from gollum.esys.ca (localhost [127.0.0.1])
	by gollum.esys.ca (8.10.2/8.10.2) with ESMTP id e6OJG4V01113;
	Mon, 24 Jul 2000 13:16:04 -0600 (MDT)
Date: Mon, 24 Jul 2000 13:16:03 -0600
From: Lyndon Nerenberg <lyndon@messagingdirect.com>
To: Gerhard Sittig <Gerhard.Sittig@gmx.net>, security@FreeBSD.ORG
Subject: Re: What does this mean and how do I stop it ?
Message-ID: <144260000.964466163@gollum.esys.ca>
In-Reply-To: <20000724192915.Z24476@speedy.gsinet>
X-Mailer: Mulberry/2.0.1a3 (Linux/x86 Demo)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


--On 07/24/00 19:29:15 +0200 Gerhard Sittig <Gerhard.Sittig@gmx.net> 
wrote:

> On Mon, Jul 24, 2000 at 08:56 +1000, Stanley Hopcroft wrote:
>>
>> These entries appear frequently in the daily security report of
>> a FreeBSD 4.0-RELEASE machine (Bind 8.2.x)
>>
>> > Connection attempt to UDP 127.0.0.1:2343 from 127.0.0.1:53
>
> I don't care if everybody's telling you it's DNS *lookup* -- I
> feel this is something different, since it's going *from* port 53
> *to* something random(?).

If you have 'nameservers 127.0.0.1' in /etc/resolv.conf then this is 
probably named answering a DNS lookup request from a local process.

--lyndon


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message