Date:      Sun, 1 Feb 2004 14:53:13 -0500
From:      "Matt Emmerton" <matt@gsicomp.on.ca>
To:        Kovács Péter <kovacspeter2@freemail.hu>, <freebsd-stable@freebsd.org>
Subject:   Re: DNS problem
Message-ID:  <001701c3e8fd$0727e1d0$1200a8c0@gsicomp.on.ca>
References:  <freemail.20040101190659.87377@fm5.freemail.hu>

> Hello,
>
> I have two important questions concerning FreeBSD.
>
> a. I have a Windows 2000 based Domain Name server.
> Now this server always sends UDP connections to my FreeBSD box, but
> I don't know why. The FreeBSD has two IP's, but this Windows
> computer only sends these connections to one of the IP addresses. He
> leaves alone the other one… How could this be?
> Connection attempt to UDP FreeBSD_Box:1140 from Windows2000:53
> Connection attempt to UDP FreeBSD_Box:1142 from Windows2000:53
> Connection attempt to UDP FreeBSD_Box:1144 from Windows2000:53
> Connection attempt to UDP FreeBSD_Box:1689 from Windows2000:53

Port 53 is DNS.  Which server in your organization is acting as a DNS
server?
If Windows is your DNS server, then it could be that your FreeBSD machine is
trying to send UDP queries to your Windows box (to look up domain names).
If you only have one network card in your FreeBSD box, then FreeBSD will
always send outgoing packets with the primary IP of the network card (not
using any of the aliased IPs.)  This could be why you only see this kind of
traffic with one IP address.

> b. I usually get these refused connections, although I don't have a
> username called 'webmaster'. How could this be? Why do people try to
> use the 'webmaster' user?
> mail saslauthd[237]: AUTHFAIL: user=webmaster service=smtp realm=
> [PAM auth error]
> mail saslauthd[235]: AUTHFAIL: user=webmaster service=smtp realm=
> [Null login/password (saslauthd)]

It looks like someone is trying to relay spam through your organization's
mail servers, and is attempting to authenticate using the "webmaster"
username.

--
Matt Emmerton
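
The saslauthd lines quoted in question (b) can be tallied per user to see which names are being tried and whether they exist locally. The following is an added example, not part of the original message; the sample log lines (with timestamps and unwrapped onto single lines) and the `LOCAL_USERS` set are constructed for illustration.

```python
import re
from collections import Counter

# Matches the saslauthd AUTHFAIL format quoted in the message. The syslog
# timestamp/host prefix is not anchored, so it may be present or absent.
AUTHFAIL = re.compile(
    r"saslauthd\[\d+\]: AUTHFAIL: user=(?P<user>\S*) service=(?P<service>\S*) "
    r"realm=(?P<realm>\S*) \[(?P<reason>[^\]]*)\]"
)

# Constructed sample input; a real run would read the mail host's auth log.
SAMPLE_LOG = """\
Feb  1 03:12:01 mail saslauthd[237]: AUTHFAIL: user=webmaster service=smtp realm= [PAM auth error]
Feb  1 03:12:02 mail saslauthd[235]: AUTHFAIL: user=webmaster service=smtp realm= [Null login/password (saslauthd)]
Feb  1 03:12:09 mail saslauthd[237]: AUTHFAIL: user=peter service=smtp realm= [PAM auth error]
Feb  1 03:12:10 mail sendmail[411]: unrelated line that must be skipped
"""

# Constructed stand-in for the accounts that really exist on the mail host.
LOCAL_USERS = {"root", "peter"}


def summarize(lines, local_users):
    """Count AUTHFAIL events per (user, service), most frequent first."""
    counts = Counter()
    reasons = {}
    for line in lines:
        m = AUTHFAIL.search(line)
        if not m:
            continue  # not a saslauthd failure line
        key = (m["user"], m["service"])
        counts[key] += 1
        reasons.setdefault(key, set()).add(m["reason"])
    return [
        {
            "user": user,
            "service": service,
            "failures": n,
            "reasons": sorted(reasons[(user, service)]),
            # False means the name is being guessed, not mistyped by an owner.
            "account_exists": user in local_users,
        }
        for (user, service), n in counts.most_common()
    ]


if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG.splitlines(), LOCAL_USERS):
        print(row)
```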
