Hello,
On Thu, 6 Dec 2001, Paul Chvostek wrote: > > For the fun of it, I turned on log_in_vain. And I'm seeing *lots* of > stuff one might expect (port scans, Nimda poking at my mail server, > SMTP to the web server, etc). But I'm also seeing stuff I don't expect, > primarily in the areas of DNS and localhost traffic. For example: > > Dec 6 08:15:39 schplict /kernel: Connection attempt to UDP 216.126.86.8:1262 from >216.126.86.2:53 > > and > > Dec 6 08:35:37 haggis /kernel: Connection attempt to UDP 216.126.86.9:1044 from >216.126.86.2:53 > > and > > Dec 6 08:34:44 haggis /kernel: Connection attempt to UDP 127.0.0.1:512 from >127.0.0.1:1054 > Dec 6 08:34:44 haggis /kernel: Connection attempt to UDP 127.0.0.1:512 from >127.0.0.1:1058 > Dec 6 08:34:44 haggis /kernel: Connection attempt to UDP 127.0.0.1:512 from >127.0.0.1:1063 > Dec 6 08:34:45 haggis /kernel: Connection attempt to UDP 127.0.0.1:512 from >127.0.0.1:1067 > > The host at 216.126.86.2 is the first nameserver in the resolv.conf of > the both haggis and schplict. It looks to me as if the name server is > sending responses back to DNS queries which for some reason haven't > waited around. because of request timeout. > And as far as I know I'm not running biff on haggis. The frequency of > the hits makes it look as if it's running something every time ... > something ... gets launched. But biff's not in any .profile, .cshrc or > .login. So I'm left scratching my head. man 8 mail.local will help. > Can anybody shed some light on this? -- Maxim Konovalov, MAcomnet, Internet-Intranet Dept., system engineer phone: +7 (095) 796-9079, mailto: [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
