Re: strange connection attempts

• Previous message: FreeBSD bugmaster: "Current problem reports assigned to you"
• In reply to: Sêrêciya Kurdistanî: "Re: strange connection attempts"
• Next in thread: Crist J. Clark: "Re: strange connection attempts"
• Reply: Crist J. Clark: "Re: strange connection attempts"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 14 Apr 2003 21:44:31 +0200
From: GiZmen <gizmen@pals.one.pl>
To: freebsd-security@FreeBSD.ORG

> Hello,
>
> > And i have plenty of strange connection attempts on udp protocol
> >
> > Connection attempt to UDP xx.xx.x.xxx:55414 from 192.43.172.34:53
> > Apr 13 23:56:53 pals /kernel: Connection attempt to UDP xx.xx.x.xxx:55414 from 192.43.172.34:53
> > Connection attempt to UDP xx.xx.x.xxx:12545 from 192.42.93.36:53
> > Apr 13 23:56:54 pals /kernel: Connection attempt to UDP xx.xx..xxx:12545 from 192.42.93.36:53
> > Connection attempt to UDP xx.xx.x.xxx:44308 from 192.42.93.36:53
> >
> > i know that those connections are from dns but why kernel logs such thing.
> > I have statufull firewall and all trafic to any port on UDP protocol are deny and
> > only those UDP datagrams from my resolver are passed back through dynamics rules.
>
> Which is your ip address? the "xxx" or the 192.42.93.36?
>
> If you're address is the "xxx" then you're fine. DNS often uses the udp
> protocol.
>
> However, if it's the other way around and your address is 192.42...
> then, it means that the upstream DNS server is trying to get updates from
> you.
>
> Are you running a DNS server yourself?
---end quoted text---

my address is "xxx" and 192.43..... is an expamle address of dns server.

I know that dns use an udp protocol but is it normal to have these connection
attempts??

Im running only local dnscache (from djbdns) on my box. I don have any dnsserver.
I have plenty of such connections from dns servers, and i turned of sysctl
net.inet.udp.log_in_vain=0
because this starts to annoy me :(

-- 
Best Regards:
		GiZmen
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

• Previous message: FreeBSD bugmaster: "Current problem reports assigned to you"
• In reply to: Sêrêciya Kurdistanî: "Re: strange connection attempts"
• Next in thread: Crist J. Clark: "Re: strange connection attempts"
• Reply: Crist J. Clark: "Re: strange connection attempts"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Added router, lost web site ... Did your ISP create a DNS record for your FQDN? ... > really have a direct connection. ... > Internet connection information: ... > Preferred DNS server: someisp DNS server address ... (microsoft.public.windows.server.sbs) Re: CEICW & software updates... ... calling pdispPPPBag->QueryInterface. ... DNS returned ok. ... Call to Clearing DNS server entries on the LAN NIC returned ok. ... Ethernet adapter Server Local Area Connection: ... (microsoft.public.windows.server.sbs) Re: Internet connection wizard ... Ethernet adapter Local Area Connection: ... Connection-specific DNS Suffix. ... calling CNetCommit::ValidateRouterConnectionProperties. ... Call to Reading preferred DNS server IP returned ok. ... (microsoft.public.windows.server.sbs) Re: CEICW & software updates... ... I would suggest using Direct Broadband Connection. ... The DSL router does connect directly to the internet. ... >>> DNS returned ok. ... >>> Call to Clearing DNS server entries on the LAN NIC returned ok. ... (microsoft.public.windows.server.sbs) Re: CEICW & software updates... ... calling pdispPPPBag->QueryInterface (IPropertyPagePropertyBag, ... DNS returned ok. ... Call to Clearing DNS server entries on the LAN NIC returned ok. ... Ethernet adapter Server Local Area Connection: ... (microsoft.public.windows.server.sbs)