Date: Fri, 19 Mar 1999 15:56:57 +1300 From: "Dan Langille" <junkmale@xtra.co.nz> To: alphen@craxx.com Cc: <freebsd-security@freebsd.org> Subject: RE: unknown connection attempts from localhost Message-ID: <19990319025828.EDWZ3226200.mta2-rme@wocker> In-Reply-To: <000001be7191$b78e5e70$0a0010ac@ren.craxx.com> References: <19990318182128.MNSH682101.mta1-rme@wocker>
next in thread | previous in thread | raw e-mail | index | archive | help
On 18 Mar 99, at 23:50, laurens van alphen wrote: > Hi, > > We see those too: > > > [snip] Connection attempt to UDP 127.0.0.1:1645 from 127.0.0.1:53 > > [snip] Connection attempt to UDP 127.0.0.1:1739 from 127.0.0.1:53 > > That's bind for sure, dunno why it's sending UDP packets to random >1024 > ports. Note that the 'connection attempt' is misleading: UDP is > connectionless. Could this be a reply from query started on port > 1024? > Anyone bothered to ask someone at the ISC? I guess I should if I can't figure it out. > > [snip] Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:2191 > > [snip] Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:2192 > > Using procmail as LDA? No, I'm not using procmail. What's LDA? >(maybe others have this behaviour as well) It's > the biff mail notification protocol. Stock FreeBSD (3.1-R at least) has a > mail notification daemon on port 512 (biff). You probably turned off the > biff > daemon in inetd.conf, you should! (on a nameserver at least) Yes, it is turned off. Well, there is no reference to biff in my inetd.conf. > Three options here: > > 1. fix your LDA > 2. choose another LDA > 3. live with it (that's what we do) Guess 1 and 2 are out as I'm not using procmail. -- Dan Langille The FreeBSD Diary http://www.FreeBSDDiary.com/freebsd To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990319025828.EDWZ3226200.mta2-rme>