From owner-freebsd-security Thu Mar 18 14:51: 2 1999 Delivered-To: freebsd-security@freebsd.org Received: from studict.student.utwente.nl (studict.student.utwente.nl [130.89.220.2]) by hub.freebsd.org (Postfix) with ESMTP id 66F8315404 for ; Thu, 18 Mar 1999 14:50:57 -0800 (PST) (envelope-from lva@dds.nl) Received: from ren (ut127003.inbel.utwente.nl [130.89.127.3]) by studict.student.utwente.nl (8.8.6/MQT) with SMTP id XAA16206; Thu, 18 Mar 1999 23:50:27 +0100 (MET) Reply-To: From: "laurens van alphen" To: Cc: Subject: RE: unknown connection attempts from localhost Date: Thu, 18 Mar 1999 23:50:27 +0100 Message-ID: <000001be7191$b78e5e70$0a0010ac@ren.craxx.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 In-Reply-To: <19990318182128.MNSH682101.mta1-rme@wocker> X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 Importance: Normal Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi, We see those too: > [snip] Connection attempt to UDP 127.0.0.1:1645 from 127.0.0.1:53 > [snip] Connection attempt to UDP 127.0.0.1:1739 from 127.0.0.1:53 That's bind for sure, dunno why it's sending UDP packets to random >1024 ports. Note that the 'connection attempt' is misleading: UDP is connectionless. Anyone bothered to ask someone at the ISC? > [snip] Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:2191 > [snip] Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:2192 Using procmail as LDA? (maybe others have this behaviour as well) It's the biff mail notification protocol. Stock FreeBSD (3.1-R at least) has a mail notification daemon on port 512 (biff). You probably turned off the biff daemon in inetd.conf, you should! (on a nameserver at least) Three options here: 1. fix your LDA 2. choose another LDA 3. live with it (that's what we do) Cheers, -- laurens van alphen, craxx alphen@craxx.com, http://craxx.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message