sshd doing dns queries on localhost?
Fernando Schapachnik
fernando at mecon.gov.ar
Mon May 26 09:33:12 PDT 2003
Hi,
I noted on my 4.7 machines that when an ssh connection is made, the
following PTR query happens (10.11.1.11 is the src address in the example):
13:23:21.120290 PUBLIC_IP.4523 > PUBLIC_IP.53: 52788+ PTR? 11.1.11.10.in-addr.arpa. (41)
13:23:21.120517 PUBLIC_IP.4524 > PUBLIC_IP.53: 52788+ PTR? 11.1.11.10.in-addr.arpa. (41)
13:23:21.120683 PUBLIC_IP.4525 > PUBLIC_IP.53: 52788+ PTR? 11.1.11.10.in-addr.arpa. (41)
13:23:21.120784 PUBLIC_IP.4526 > PUBLIC_IP.53: 52788+ PTR? 11.1.11.10.in-addr.arpa. (41)
This is very weird because resolv.conf points to another server. Also,
the capture is from lo0.
Not that I see a security problem here (just the annoyance of this
filling my log_in_vain logs), but I'm curious about the reason; at least I didn't
find any clue looking at the source.
May 26 13:23:21 X /kernel: Connection attempt to UDP PUBLIC_IP:53 from PUBLIC_IP:4523
May 26 13:23:21 X /kernel: Connection attempt to UDP PUBLIC_IP:53 from PUBLIC_IP:4524
May 26 13:23:21 X /kernel: Connection attempt to UDP PUBLIC_IP:53 from PUBLIC_IP:4525
May 26 13:23:21 X /kernel: Connection attempt to UDP PUBLIC_IP:53 from PUBLIC_IP:4526
Thanks for any pointer!
Regards!
Fernando.