Problem with DNS (UDP) queries

Jez Hancock jez.hancock at munk.nu
Fri Jan 9 06:50:01 PST 2004


On Fri, Jan 09, 2004 at 05:32:20PM +0300, freebsd at tern.ru wrote:
> Hi all
> 
> I am trying to get rid of strings:
>  kernel: Connection attempt to UDP FREEBSD_IP:port from DNSSERVER_IP:53
> on my console and in log file
> 
> I understand that those are replies on DNS queries that for some reason
>  took too long time to be answered.
> I do not want to turn off the "log in vain" feature.
> 
> As these strings fill up my log I am afraid to miss some sensitive
> messages (e.g. hacker's attack :)
> 
> I'm using FreeBSD 5.1 with ipfw2 that allows via static rules both 
>                 DNS queries and DNS replies.
> 
> The main application that generates queries is sendmail.
> 
> What can be done?
I believe those messages are generated if the following sysctl flag is
set:

net.inet.udp.log_in_vain

you can disable it by executing:

sysctl net.inet.udp.log_in_vain=0

on the command line.

Obviously though this will disable logging of all vain connection attempts using
the udp protocol.  However if you have ipfw set up to log such attempts,
you don't really need that sysctl flag set anyway.

See also the tcp equivalent flag:

net.inet.tcp.log_in_vain

Also see the manpage for rc.conf(5) regarding the log_in_vain rc.conf
setting.

-- 
Jez Hancock
 - System Administrator / PHP Developer

http://munk.nu/
http://jez.hancock-family.com/  - personal weblog
http://ipfwstats.sf.net/        - ipfw peruser traffic logging
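The original poster wants to keep log_in_vain enabled but stop late DNS replies from burying the messages that matter. As an added example (not from either poster), the script below parses lines of the shape quoted in the thread and separates "late DNS reply" noise from attempts that deserve review. The log lines, the 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24 addresses, and the TRUSTED_RESOLVERS set are constructed for illustration; in practice the resolver list would come from /etc/resolv.conf, and the ephemeral-port threshold is a coarse assumption rather than the kernel's exact port range.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Constructed sample log lines (not real output). The kernel lines follow the
# "Connection attempt to <PROTO> <dst>:<port> from <src>:<port>" shape quoted
# in the thread; the sshd line is there to show non-matching lines are skipped.
SAMPLE_LOG = """\
Jan  9 14:31:02 host kernel: Connection attempt to UDP 192.0.2.10:51623 from 198.51.100.53:53
Jan  9 14:31:05 host kernel: Connection attempt to UDP 192.0.2.10:51800 from 198.51.100.53:53
Jan  9 14:32:11 host kernel: Connection attempt to UDP 192.0.2.10:161 from 203.0.113.77:43210
Jan  9 14:32:12 host kernel: Connection attempt to TCP 192.0.2.10:22 from 203.0.113.77:43211
Jan  9 14:33:40 host kernel: Connection attempt to UDP 192.0.2.10:53 from 203.0.113.9:53
Jan  9 14:34:00 host sshd[123]: Accepted publickey for jez from 192.0.2.20 port 50000 ssh2
"""

# Resolvers this host legitimately queries (assumed for the example; a real
# deployment would read them from /etc/resolv.conf).
TRUSTED_RESOLVERS: Set[str] = {"198.51.100.53"}

# Assumed lower bound for client-side (ephemeral) source ports used by local
# resolvers such as sendmail's DNS lookups; coarse, not the kernel's exact range.
EPHEMERAL_PORT_MIN = 1024

LOG_IN_VAIN_RE = re.compile(
    r"Connection attempt to (?P<proto>TCP|UDP) "
    r"(?P<dst_ip>[\d.]+):(?P<dst_port>\d+) from (?P<src_ip>[\d.]+):(?P<src_port>\d+)"
)


@dataclass(frozen=True)
class VainAttempt:
    proto: str
    dst_ip: str
    dst_port: int
    src_ip: str
    src_port: int


def parse_line(line: str) -> Optional[VainAttempt]:
    """Return a VainAttempt for a log_in_vain kernel line, or None for other lines."""
    m = LOG_IN_VAIN_RE.search(line)
    if not m:
        return None
    return VainAttempt(
        proto=m.group("proto"),
        dst_ip=m.group("dst_ip"),
        dst_port=int(m.group("dst_port")),
        src_ip=m.group("src_ip"),
        src_port=int(m.group("src_port")),
    )


def classify(attempt: VainAttempt, resolvers: Set[str] = TRUSTED_RESOLVERS) -> str:
    """Label an attempt 'late-dns-reply' only when all three conditions hold:
    UDP, from port 53 of a resolver we actually use, and aimed at an ephemeral
    local port (i.e. the socket that sent the query has already closed).
    Anything else, including port-53 traffic from unknown hosts, is 'review'."""
    if (
        attempt.proto == "UDP"
        and attempt.src_port == 53
        and attempt.src_ip in resolvers
        and attempt.dst_port >= EPHEMERAL_PORT_MIN
    ):
        return "late-dns-reply"
    return "review"


def triage(log_text: str, resolvers: Set[str] = TRUSTED_RESOLVERS) -> Tuple[List[VainAttempt], List[VainAttempt]]:
    """Split a log into (noise, review) lists; lines that are not
    log_in_vain messages are ignored."""
    noise: List[VainAttempt] = []
    review: List[VainAttempt] = []
    for line in log_text.splitlines():
        attempt = parse_line(line)
        if attempt is None:
            continue
        (noise if classify(attempt, resolvers) == "late-dns-reply" else review).append(attempt)
    return noise, review


if __name__ == "__main__":
    noise, review = triage(SAMPLE_LOG)
    print(f"suppressed {len(noise)} late DNS replies")
    for a in review:
        print(f"REVIEW: {a.proto} {a.dst_ip}:{a.dst_port} from {a.src_ip}:{a.src_port}")
```

Requiring the source to be a known resolver is the point of the example: the line from 203.0.113.9 also comes from port 53, but it targets the local port 53 from an unknown host, so it stays in the review list rather than being discarded as DNS noise.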

