From owner-freebsd-security  Wed Jun 16  0:58: 9 1999
Delivered-To: freebsd-security@freebsd.org
Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31])
	by hub.freebsd.org (Postfix) with ESMTP id 1EED615682
	for <security@FreeBSD.ORG>; Wed, 16 Jun 1999 00:58:06 -0700 (PDT)
	(envelope-from des@flood.ping.uio.no)
Received: (from des@localhost)
	by flood.ping.uio.no (8.9.3/8.9.1) id JAA77284;
	Wed, 16 Jun 1999 09:58:00 +0200 (CEST)
	(envelope-from des)
To: junkmale@xtra.co.nz
Cc: security@FreeBSD.ORG
Subject: Re: named timeouts
References: <19990615194828.ZOVN93999.mta1-rme@wocker>
From: Dag-Erling Smorgrav <des@flood.ping.uio.no>
Date: 16 Jun 1999 09:57:59 +0200
In-Reply-To: "Dan Langille"'s message of "Wed, 16 Jun 1999 07:45:31 +1200"
Message-ID: <xzp909kefw8.fsf@flood.ping.uio.no>
Lines: 30
X-Mailer: Gnus v5.5/Emacs 19.34
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

"Dan Langille" <junkmale@xtra.co.nz> writes:
> On my main machine, which is also running named, the daily security check 
> always has lots of these types of entries.  Typically there are about 50 a 
> day.  I think it's because a dns request has been started, but by the time 
> the reply arrives, the firewall has terminated that port connection (I'm 
> running ipfilter).

No, I don't think these messages come from named. I think they're log
messages from ipfilter telling you you didn't set up your firewall
correctly. You should have rules permitting all UDP traffic to and
*from* port 53. Actually, you should have a rule permitting all
traffic across lo0 no matter what.

> > Connection attempt to UDP 127.0.0.1:3282 from 127.0.0.1:53

This is named trying to reply to a query.

> > Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:3363

This looks like comsat talking to biff.

> > Connection attempt to UDP 127.0.0.1:3373 from 127.0.0.1:53
> > Connection attempt to UDP 127.0.0.1:3378 from 127.0.0.1:53
> > Connection attempt to UDP 127.0.0.1:3380 from 127.0.0.1:53

This is named trying to reply to queries.

DES
-- 
Dag-Erling Smorgrav - des@flood.ping.uio.no


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message