From owner-freebsd-security  Mon Jul 24 16:14:42 2000
Delivered-To: freebsd-security@freebsd.org
Received: from racine.cybercable.fr (racine.cybercable.fr [212.198.0.201])
	by hub.freebsd.org (Postfix) with SMTP id 2B3C037BD22
	for <security@FreeBSD.ORG>; Mon, 24 Jul 2000 16:14:33 -0700 (PDT)
	(envelope-from clefevre@citeweb.net)
Received: (qmail 3713022 invoked from network); 24 Jul 2000 23:14:29 -0000
Received: from r227m167.cybercable.tm.fr (HELO gits.dyndns.org) ([195.132.227.167]) (envelope-sender <clefevre@citeweb.net>)
          by racine.cybercable.fr (qmail-ldap-1.03) with SMTP
          for <Gerhard.Sittig@gmx.net>; 24 Jul 2000 23:14:29 -0000
Received: (from root@localhost)
	by gits.dyndns.org (8.9.3/8.9.3) id BAA32590;
	Tue, 25 Jul 2000 01:14:29 +0200 (CEST)
	(envelope-from clefevre@citeweb.net)
To: Lyndon Nerenberg <lyndon@messagingdirect.com>
Cc: Gerhard Sittig <Gerhard.Sittig@gmx.net>, security@FreeBSD.ORG
Subject: Re: What does this mean and how do I stop it ?
References: <144260000.964466163@gollum.esys.ca>
X-Face: V|+c;4!|B?E%BE^{E6);aI.[<<r#uCVjK"~Ke!@0vxS/.,wki/c|uVnNV!BA-_gY2sfoGc3
        f{#/$PT>97Zd*>^#%Y5Cxv;%Y[PT-LW3;A:fRrJ8+^k"e7@+30g0YD0*^^3jgyShN7o?a]C
        la*Zv'5NA,=963bM%J^o]C
Reply-To: Cyrille Lefevre <clefevre@citeweb.net>
From: Cyrille Lefevre <clefevre@citeweb.net>
In-Reply-To: Lyndon Nerenberg's message of "Mon, 24 Jul 2000 13:16:03 -0600"
Date: 25 Jul 2000 01:14:28 +0200
Message-ID: <bsznglyj.fsf@gits.dyndns.org>
Lines: 26
User-Agent: Gnus/5.0807 (Gnus v5.8.7) XEmacs/21.1 (Canyonlands)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Lyndon Nerenberg <lyndon@messagingdirect.com> writes:

> --On 07/24/00 19:29:15 +0200 Gerhard Sittig <Gerhard.Sittig@gmx.net>
> wrote:
> 
> > On Mon, Jul 24, 2000 at 08:56 +1000, Stanley Hopcroft wrote:
> >>
> >> These entries appear frequently in the daily security report of
> >> a FreeBSD 4.0-RELEASE machine (Bind 8.2.x)
> >>
> >> > Connection attempt to UDP 127.0.0.1:2343 from 127.0.0.1:53
> >
> > I don't care if everybody's telling you it's DNS *lookup* -- I
> > feel this is something different, since it's going *from* port 53
> > *to* something random(?).
> 
> If you have 'nameservers 127.0.0.1' in /etc/resolv.conf then this is
> probably named answering a DNS lookup request from a local process.

well. except by setting log_in_vain to zero. is there another way to
get rid of those messages ? if not, log_in_vain is meaningless if
we have to set it to zero to get rid of those messages, no ?

Cyrille.
--
home: mailto:clefevre@citeweb.net work: mailto:Cyrille.Lefevre@edf.fr


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message