Date: 27 Oct 2002 13:15:02 +0000 From: Stacey Roberts <stacey@Demon.vickiandstacey.com> To: FreeBSD Questions <freebsd-questions@FreeBSD.ORG> Subject: FBSD 4.7 reset itself - lots of "DENY UDP" messages in /var/log/security Message-ID: <1035724504.394.12.camel@Demon.vickiandstacey.com>
next in thread | raw e-mail | index | archive | help
--=-nC0rHnLHn/ZgPai6/1LX Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Hello, Within the last few minutes, my FreeBSD g'way reset itself.=20 On coming up, I checked all available logs, and found the following in /var/log/security: Oct 27 12:59:22 Demon /kernel: ipfw: 910 Deny UDP 192.168.1.8:53 192.33.4.12:53 out via sis0 Oct 27 12:59:30 Demon last message repeated 8 times Oct 27 12:59:34 Demon /kernel: ipfw: 910 Deny UDP 192.168.1.8:53 192.112.36.4:53 out via sis0 Oct 27 12:59:36 Demon /kernel: ipfw: 910 Deny UDP 192.168.1.8:53 192.112.36.4:53 out via sis0 Oct 27 12:59:36 Demon /kernel: Connection attempt to UDP 127.0.0.1:1077 from 127.0.0.1:53 Oct 27 12:59:36 Demon /kernel: Connection attempt to UDP 127.0.0.1:1076 from 127.0.0.1:53 Oct 27 12:59:36 Demon /kernel: Connection attempt to UDP 127.0.0.1:1075 from 127.0.0.1:53 Oct 27 12:59:36 Demon /kernel: Connection attempt to UDP 127.0.0.1:1074 from 127.0.0.1:53 Oct 27 12:59:36 Demon /kernel: Connection attempt to UDP 127.0.0.1:1073 from 127.0.0.1:53 Oct 27 12:59:36 Demon /kernel: Connection attempt to UDP 127.0.0.1:1071 from 127.0.0.1:53 Oct 27 12:59:36 Demon /kernel: Connection attempt to UDP 127.0.0.1:1072 from 127.0.0.1:53 Oct 27 12:59:38 Demon /kernel: ipfw: 910 Deny UDP 192.168.1.8:53 128.63.2.53:53 out via sis0 Oct 27 12:59:42 Demon /kernel: ipfw: 910 Deny UDP 192.168.1.8:53 128.9.0.107:53 out via sis0 Oct 27 12:59:44 Demon /kernel: Connection attempt to UDP 127.0.0.1:1078 from 127.0.0.1:53 Oct 27 12:59:46 Demon /kernel: ipfw: 910 Deny UDP 192.168.1.8:53 193.0.14.129:53 out via sis0 <Messages repeated here - snip> Oct 27 13:00:06 Demon /kernel: ipfw: 910 Deny UDP 192.168.1.8:53 192.5.5.241:53 out via sis0 # I recognised the remote addresses to be those of DNS root servers, to verify: # nslookup 192.203.230.10 Server: localhost.vickiandstacey.com Address: 127.0.0.1 Name: E.ROOT-SERVERS.NET Address: 192.203.230.10 # Here's what I've got from running last: Demon# last stacey ttyp0 :0 Sun Oct 27 12:57 still logged in stacey ttyv0 Sun Oct 27 12:56 still logged in reboot ~ Sun Oct 27 12:56 stacey ttyp2 :0 Sun Oct 27 00:52 - 01:18=20 (00:25) stacey ttyp0 :0 Sun Oct 27 00:18 - crash=20 (13:37) stacey ttyp2 :0 Sat Oct 26 21:15 - 00:15=20 (03:00) stacey ttyp2 :0 Fri Oct 25 20:59 - 23:02=20 (02:02) stacey ttyp2 :0 Fri Oct 25 19:45 - 20:25=20 (00:40) stacey ttyp1 :0 Wed Oct 23 22:50 - 23:19=20 (00:29) stacey ttyp0 :0 Wed Oct 23 22:41 - 00:15 (3+01:34) Is anyone able to point me to what went wrong here? I suspect its got something to do with the tons of ipfw DENY messages, but I wouldn't know where to start with this. Here's the uname: # uname -a FreeBSD De<snip> 4.7-STABLE FreeBSD 4.7-STABLE #0: Sat Oct 12 10:04:03 BST 2002 root@<snip>.vickiandstacey.com:/usr/obj/usr/src/sys/FALCON=20 i386 #=20 I'm running named in a sandbox here, and would have thought that this set-up would have prevented a crash of this nature (if it is indeed that the crash is related to DNS) Anything that you need, please let me know. TIA Stacey --=20 Stacey Roberts B.Sc (HONS) Computer Science Web: www.vickiandstacey.com --=-nC0rHnLHn/ZgPai6/1LX Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8 iQEVAwUAPbvm1ZvQeubckvvXAQEBAAf/VClgVw8OMHxSyxZnrgoCMfPKUV1Kn2jS WhR5MMS0+LYmvLm3tBSDmdDT92SjnaPuFIyaVxUp08cnkhPOwEp2FssZg83gEUN1 wIhTL42B0Z3FuIpHa70M+1qrjiP+dywm36tgU4B4MBxDZEJCZQ2v2LmDdoc4DEpi ZNNAsHUR92cZHgsIOyTVDkWj0qmoaOogURDiwbEPbtzG0qPVZBkivf+tzsesXCN3 BVCxoCRk1nX3mnDzKW/kObsQBtjvlW+KfS3ZVgDMpINAhyBFIVHNW/wYJHCtqoJm TtY5lHg0bW9YlwJ/hnto6J9ffgQ0S4lQNwN8sxxgU8sIp3kOqH5d5g== =Korv -----END PGP SIGNATURE----- --=-nC0rHnLHn/ZgPai6/1LX-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1035724504.394.12.camel>