Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 19 Mar 1999 15:56:57 +1300
From:      "Dan Langille" <>
Cc:        <>
Subject:   RE: unknown connection attempts from localhost
Message-ID:  <19990319025828.EDWZ3226200.mta2-rme@wocker>
In-Reply-To: <000001be7191$b78e5e70$>
References:  <19990318182128.MNSH682101.mta1-rme@wocker>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
On 18 Mar 99, at 23:50, laurens van alphen wrote:

> Hi,
> We see those too:
> > [snip] Connection attempt to UDP from
> > [snip] Connection attempt to UDP from
> That's bind for sure, dunno why it's sending UDP packets to random >1024
> ports. Note that the 'connection attempt' is misleading: UDP is
> connectionless.

Could this be a reply from query started on port > 1024?

> Anyone bothered to ask someone at the ISC?

I guess I should if I can't figure it out.

> > [snip] Connection attempt to UDP from
> > [snip] Connection attempt to UDP from
> Using procmail as LDA?

No, I'm not using procmail.  What's LDA?

>(maybe others have this behaviour as well) It's
> the biff mail notification protocol. Stock FreeBSD (3.1-R at least) has a
> mail notification daemon on port 512 (biff). You probably turned off the
> biff
> daemon in inetd.conf, you should! (on a nameserver at least)

Yes, it is turned off.  Well, there is no reference to biff in my 

> Three options here:
> 1. fix your LDA
> 2. choose another LDA
> 3. live with it (that's what we do)

Guess 1 and 2 are out as I'm not using procmail.

Dan Langille
The FreeBSD Diary

To Unsubscribe: send mail to
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <>