sshd doing dns queries on localhost?
Nickolay A. Kritsky
nkritsky at internethelp.ru
Mon May 26 10:06:32 PDT 2003
Hello Fernando,
FAQ.
for example see
;-------
http://www.freebsd.org/cgi/search.cgi?words=sshd+resolv.conf+privsep&max=25&sort=score&index=all&source=freebsd-security
;-------
(URL can be wrapped)
Monday, May 26, 2003, 8:32:55 PM, you wrote:
FS> Hi,
FS> I noted on my 4.7 machines that when a ssh conection is made, the
FS> following PTR query happens (10.11.1.11 is the src address in the example):
FS> 13:23:21.120290 PUBLIC_IP.4523 > PUBLIC_IP.53: 52788+ PTR?
FS> 11.1.11.10.in-addr.arpa. (41)
FS> 13:23:21.120517 PUBLIC_IP.4524 > PUBLIC_IP.53: 52788+ PTR?
FS> 11.1.11.10.in-addr.arpa. (41)
FS> 13:23:21.120683 PUBLIC_IP.4525 > PUBLIC_IP.53: 52788+ PTR?
FS> 11.1.11.10.in-addr.arpa. (41)
FS> 13:23:21.120784 PUBLIC_IP.4526 > PUBLIC_IP.53: 52788+ PTR?
FS> 11.1.11.10.in-addr.arpa. (41)
FS> This is very weird because resolv.conf points to another server. Also,
FS> the capture is from lo0.
FS> Not that I see a security problem here (just the annoyance of this
FS> filling my log_in_vain logs), but I'm curious about the reason; at least didn't
FS> find any clue looking at source.
FS> May 26 13:23:21 X /kernel: Connection attempt to UDP PUBLIC_IP:53 from PUBLIC_IP:4523
FS> May 26 13:23:21 X /kernel: Connection attempt to UDP PUBLIC_IP:53 from PUBLIC_IP:4524
FS> May 26 13:23:21 X /kernel: Connection attempt to UDP PUBLIC_IP:53 from PUBLIC_IP:4525
FS> May 26 13:23:21 X /kernel: Connection attempt to UDP PUBLIC_IP:53 from PUBLIC_IP:4526
FS> Thanks for any pointer!
FS> Regards!
FS> Fernando.
FS> _______________________________________________
FS> freebsd-security at freebsd.org mailing list
FS> http://lists.freebsd.org/mailman/listinfo/freebsd-security
FS> To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"
;-------------------------------------------
; NKritsky
; mailto:nkritsky at internethelp.ru
More information about the freebsd-security
mailing list