Re: sshd doing dns queries on localhost?

• Previous message: G.P. de Boer: "Re: sshd doing dns queries on localhost?"
• In reply to: Fernando Schapachnik: "sshd doing dns queries on localhost?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 26 May 2003 21:05:59 +0400
To: Fernando Schapachnik <fernando@mecon.gov.ar>

Hello Fernando,

FAQ.
for example see
;-------
http://www.freebsd.org/cgi/search.cgi?words=sshd+resolv.conf+privsep&max=25&sort=score&index=all&source=freebsd-security
;-------
(URL can be wrapped)

Monday, May 26, 2003, 8:32:55 PM, you wrote:

FS> Hi,
FS> I noted on my 4.7 machines that when a ssh conection is made, the
FS> following PTR query happens (10.11.1.11 is the src address in the example):

FS> 13:23:21.120290 PUBLIC_IP.4523 > PUBLIC_IP.53: 52788+ PTR?
FS> 11.1.11.10.in-addr.arpa. (41)
FS> 13:23:21.120517 PUBLIC_IP.4524 > PUBLIC_IP.53: 52788+ PTR?
FS> 11.1.11.10.in-addr.arpa. (41)
FS> 13:23:21.120683 PUBLIC_IP.4525 > PUBLIC_IP.53: 52788+ PTR?
FS> 11.1.11.10.in-addr.arpa. (41)
FS> 13:23:21.120784 PUBLIC_IP.4526 > PUBLIC_IP.53: 52788+ PTR?
FS> 11.1.11.10.in-addr.arpa. (41)

FS> This is very weird because resolv.conf points to another server. Also,
FS> the capture is from lo0.

FS> Not that I see a security problem here (just the annoyance of this
FS> filling my log_in_vain logs), but I'm curious about the reason; at least didn't
FS> find any clue looking at source.

FS> May 26 13:23:21 X /kernel: Connection attempt to UDP PUBLIC_IP:53 from PUBLIC_IP:4523
FS> May 26 13:23:21 X /kernel: Connection attempt to UDP PUBLIC_IP:53 from PUBLIC_IP:4524
FS> May 26 13:23:21 X /kernel: Connection attempt to UDP PUBLIC_IP:53 from PUBLIC_IP:4525
FS> May 26 13:23:21 X /kernel: Connection attempt to UDP PUBLIC_IP:53 from PUBLIC_IP:4526

FS> Thanks for any pointer!

FS> Regards!

FS> Fernando.
FS> _______________________________________________
FS> freebsd-security@freebsd.org mailing list
FS> http://lists.freebsd.org/mailman/listinfo/freebsd-security
FS> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

;-------------------------------------------
; NKritsky
; mailto:nkritsky@internethelp.ru

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

• Previous message: G.P. de Boer: "Re: sshd doing dns queries on localhost?"
• In reply to: Fernando Schapachnik: "sshd doing dns queries on localhost?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: [2.6.16rc2] compile error ... To unsubscribe from this list: ... More majordomo info at http://vger.kernel.org/majordomo-info.html ... Please read the FAQ at http://www.tux.org/lkml/ ... Copyright 2006 by Maurice Eugene Heskett, ... (Linux-Kernel) Administrivia: FAQ etc. ... Subject: Administrivia: FAQ etc. ... It contains information such as how to unsubscribe from the list and what ... Out of Office Autoreplies ... frustrating when you post to the list and get 50 out of office messages ... (Focus-Microsoft) Re: [patch 0/14] s3c2412/s3c2413 support ... implementations. ... To unsubscribe from this list: ... Please read the FAQ at http://www.tux.org/lkml/ ... More majordomo info at http://vger.kernel.org/majordomo-info.html ... (Linux-Kernel) Re: [RFC v2][PATCH 4/9] Memory management - dump state ... joined with the live migration efforts of openvz? ... To unsubscribe from this list: send the line "unsubscribe linux- kernel" in ... More majordomo info at http://vger.kernel.org/majordomo-info.html ... Please read the FAQ at http://www.tux.org/lkml/ ... (Linux-Kernel) Re: [BUILDFIX] byteorder: remove direct byteorder includes ... to the new byteorder implementation. ... To unsubscribe from this list: ... More majordomo info at http://vger.kernel.org/majordomo-info.html ... Please read the FAQ at http://www.tux.org/lkml/ ... (Linux-Kernel)