Date:      27 Oct 2002 13:15:02 +0000
From:      Stacey Roberts <stacey@Demon.vickiandstacey.com>
To:        FreeBSD Questions <freebsd-questions@FreeBSD.ORG>
Subject:   FBSD 4.7 reset itself - lots of "DENY UDP" messages in /var/log/security
Message-ID:  <1035724504.394.12.camel@Demon.vickiandstacey.com>

Hello,
     Within the last few minutes, my FreeBSD g'way reset itself.

On coming up, I checked all available logs, and found the following in
/var/log/security:
Oct 27 12:59:22 Demon /kernel: ipfw: 910 Deny UDP 192.168.1.8:53 192.33.4.12:53 out via sis0
Oct 27 12:59:30 Demon last message repeated 8 times
Oct 27 12:59:34 Demon /kernel: ipfw: 910 Deny UDP 192.168.1.8:53 192.112.36.4:53 out via sis0
Oct 27 12:59:36 Demon /kernel: ipfw: 910 Deny UDP 192.168.1.8:53 192.112.36.4:53 out via sis0
Oct 27 12:59:36 Demon /kernel: Connection attempt to UDP 127.0.0.1:1077 from 127.0.0.1:53
Oct 27 12:59:36 Demon /kernel: Connection attempt to UDP 127.0.0.1:1076 from 127.0.0.1:53
Oct 27 12:59:36 Demon /kernel: Connection attempt to UDP 127.0.0.1:1075 from 127.0.0.1:53
Oct 27 12:59:36 Demon /kernel: Connection attempt to UDP 127.0.0.1:1074 from 127.0.0.1:53
Oct 27 12:59:36 Demon /kernel: Connection attempt to UDP 127.0.0.1:1073 from 127.0.0.1:53
Oct 27 12:59:36 Demon /kernel: Connection attempt to UDP 127.0.0.1:1071 from 127.0.0.1:53
Oct 27 12:59:36 Demon /kernel: Connection attempt to UDP 127.0.0.1:1072 from 127.0.0.1:53
Oct 27 12:59:38 Demon /kernel: ipfw: 910 Deny UDP 192.168.1.8:53 128.63.2.53:53 out via sis0
Oct 27 12:59:42 Demon /kernel: ipfw: 910 Deny UDP 192.168.1.8:53 128.9.0.107:53 out via sis0
Oct 27 12:59:44 Demon /kernel: Connection attempt to UDP 127.0.0.1:1078 from 127.0.0.1:53
Oct 27 12:59:46 Demon /kernel: ipfw: 910 Deny UDP 192.168.1.8:53 193.0.14.129:53 out via sis0
<Messages repeated here - snip>
Oct 27 13:00:06 Demon /kernel: ipfw: 910 Deny UDP 192.168.1.8:53 192.5.5.241:53 out via sis0
#

I recognised the remote addresses to be those of DNS root servers, to
verify:
# nslookup 192.203.230.10
Server:  localhost.vickiandstacey.com
Address:  127.0.0.1

Name:    E.ROOT-SERVERS.NET
Address:  192.203.230.10
#

Here's what I've got from running last:
Demon# last
stacey           ttyp0    :0               Sun Oct 27 12:57   still logged in
stacey           ttyv0                     Sun Oct 27 12:56   still logged in
reboot           ~                         Sun Oct 27 12:56
stacey           ttyp2    :0               Sun Oct 27 00:52 - 01:18  (00:25)
stacey           ttyp0    :0               Sun Oct 27 00:18 - crash  (13:37)
stacey           ttyp2    :0               Sat Oct 26 21:15 - 00:15  (03:00)
stacey           ttyp2    :0               Fri Oct 25 20:59 - 23:02  (02:02)
stacey           ttyp2    :0               Fri Oct 25 19:45 - 20:25  (00:40)
stacey           ttyp1    :0               Wed Oct 23 22:50 - 23:19  (00:29)
stacey           ttyp0    :0               Wed Oct 23 22:41 - 00:15 (3+01:34)

Is anyone able to point me to what went wrong here? I suspect it's got
something to do with the tons of ipfw DENY messages, but I wouldn't know
where to start with this.

Here's the uname:
# uname -a
FreeBSD De<snip> 4.7-STABLE FreeBSD 4.7-STABLE #0: Sat Oct 12 10:04:03 BST 2002     root@<snip>.vickiandstacey.com:/usr/obj/usr/src/sys/FALCON  i386
#

I'm running named in a sandbox here, and would have thought that this
set-up would have prevented a crash of this nature (if it is indeed that
the crash is related to DNS).

Anything that you need, please let me know.

TIA
Stacey
--
Stacey Roberts
B.Sc (HONS) Computer Science

Web: www.vickiandstacey.com
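
One way to tally the ipfw entries in a /var/log/security excerpt like the one pasted above, by rule, source and destination, including the syslog "last message repeated N times" lines. This is an added example, not part of the original message; the sample is constructed in the message's log format, and `unwrap` and `summarize` are hypothetical helper names.

```python
import re
from collections import Counter

# Constructed sample: entries in the format quoted in the message, wrapped the
# way the mail client wrapped them.
SAMPLE = """\
Oct 27 12:59:22 Demon /kernel: ipfw: 910 Deny UDP 192.168.1.8:53
192.33.4.12:53 out via sis0
Oct 27 12:59:30 Demon last message repeated 8 times
Oct 27 12:59:34 Demon /kernel: ipfw: 910 Deny UDP 192.168.1.8:53
192.112.36.4:53 out via sis0
Oct 27 12:59:36 Demon /kernel: ipfw: 910 Deny UDP 192.168.1.8:53
192.112.36.4:53 out via sis0
Oct 27 12:59:36 Demon /kernel: Connection attempt to UDP 127.0.0.1:1077
from 127.0.0.1:53
Oct 27 12:59:38 Demon /kernel: ipfw: 910 Deny UDP 192.168.1.8:53
128.63.2.53:53 out via sis0
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
IPFW = re.compile(r"ipfw: (\d+) (\w+) (\S+) (\S+) (\S+) (in|out) via (\S+)")
REPEAT = re.compile(r"last message repeated (\d+) times")

def unwrap(text):
    """Rejoin entries split by mail wrapping: a line without a syslog
    timestamp continues the previous entry."""
    entries = []
    for line in text.splitlines():
        if STAMP.match(line) or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return entries

def summarize(text):
    """Count ipfw hits per (rule, action, proto, src, dst, direction, iface),
    crediting 'last message repeated N times' to the entry just before it."""
    counts, last = Counter(), None
    for entry in unwrap(text):
        hit, rep = IPFW.search(entry), REPEAT.search(entry)
        if hit:
            last = hit.groups()
            counts[last] += 1
        elif rep and last:
            counts[last] += int(rep.group(1))
        else:
            last = None  # a repeat after a non-ipfw entry is not an ipfw hit
    return counts
```

Calling `summarize(text).most_common()` on the full log lists the busiest rule, source and destination combinations first.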

