labrocca
Verified User
- Joined: Mar 12, 2006
- Messages: 130
This is a very consistent message in my logs (/var/log/messages). How do I firewall this out? I use ipfw and FreeBSD.
Feb 20 20:24:50 ns1 kernel: Connection attempt to UDP [::0001]:53 from [::0001]:54120
Feb 20 20:24:50 ns1 kernel: Connection attempt to UDP [::0001]:53 from [::0001]:49660
Feb 20 20:24:50 ns1 kernel: Connection attempt to UDP [::0001]:53 from [::0001]:49661
Feb 20 20:24:50 ns1 kernel: Connection attempt to UDP [::0001]:53 from [::0001]:54594
Feb 20 20:25:02 ns1 kernel: Connection attempt to UDP [::0001]:53 from [::0001]:59400
Feb 20 20:25:02 ns1 kernel: Connection attempt to UDP [::0001]:53 from [::0001]:58385
Feb 20 20:25:13 ns1 kernel: Connection attempt to UDP [::0001]:53 from [::0001]:65044
Feb 20 20:25:14 ns1 kernel: Connection attempt to UDP [::0001]:53 from [::0001]:64506
Feb 20 20:25:19 ns1 kernel: Connection attempt to UDP [::0001]:53 from [::0001]:60665
Feb 20 20:25:19 ns1 kernel: Connection attempt to UDP [::0001]:53 from [::0001]:54429
Feb 20 20:25:19 ns1 kernel: Connection attempt to UDP [::0001]:53 from [::0001]:52896
Feb 20 20:25:19 ns1 kernel: Connection attempt to UDP [::0001]:53 from [::0001]:55425
Feb 20 20:25:19 ns1 kernel: Connection attempt to UDP [::0001]:53 from [::0001]:61704
Feb 20 20:25:19 ns1 kernel: Connection attempt to UDP [::0001]:53 from [::0001]:61705
Feb 20 20:25:19 ns1 kernel: Connection attempt to UDP [::0001]:53 from [::0001]:61706
Feb 20 20:25:19 ns1 kernel: Connection attempt to UDP [::0001]:53 from [::0001]:61707
Feb 20 20:25:25 ns1 kernel: Connection attempt to UDP [::0001]:53 from [::0001]:51328
Feb 20 20:25:26 ns1 kernel: Connection attempt to UDP [::0001]:53 from [::0001]:65493
Here are my firewall rules:
#################################################
# ipfw Firewall Commands
#################################################
cmd="ipfw -q add"
ipfw -q -f flush
#################################################
# Allow Loopback and Deny Loopback Spoofing
#################################################
$cmd allow all from any to any via lo0
$cmd deny all from any to 127.0.0.0/8
$cmd deny all from 127.0.0.0/8 to any
$cmd deny tcp from any to any frag
#bad guys
$cmd deny ip from 217.160.240.78 to me
#################################################
# Stateful rules
#################################################
$cmd check-state
$cmd deny tcp from any to any established
$cmd allow all from any to any out keep-state
$cmd allow icmp from any to any
#################################################
# Incoming/Outgoing Services
#################################################
$cmd allow tcp from any to any 21 setup keep-state
$cmd allow tcp from any to any 22 setup keep-state
$cmd allow tcp from any to any 25 setup keep-state
$cmd allow tcp from any to any 53 setup keep-state
$cmd allow udp from any to any 53 keep-state
$cmd allow tcp from any to any 80 setup keep-state
$cmd allow tcp from any to any 110 setup keep-state
$cmd allow tcp from any to any 143 setup keep-state
$cmd allow tcp from any to any 443 setup keep-state
$cmd allow tcp from any to any 2222 setup keep-state
$cmd allow tcp from any to any 32555-32565 in setup keep-state
#################################################
# Deny and Log
#################################################
$cmd deny log all from any to any
Any help is appreciated.
EDIT: found out this is being caused by sysctl and the net.inet.udp.log_in_vain parameter being turned on. I have turned it off for now but would rather have it on and these packets dropped completely or firewalled. I count about 2 per second on my server.
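Added example, not part of the original post: a Python script that tallies log_in_vain lines like those quoted above per destination and marks each source as local (a loopback address, which [::0001] is) or remote. The function names and the two non-loopback sample lines are constructed, and the unbracketed IPv4 line format is an assumption.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: three lines in the format quoted in the post, plus two
# constructed non-loopback lines (documentation address ranges) for contrast.
SAMPLE = """\
Feb 20 20:24:50 ns1 kernel: Connection attempt to UDP [::0001]:53 from [::0001]:54120
Feb 20 20:24:50 ns1 kernel: Connection attempt to UDP [::0001]:53 from [::0001]:49660
Feb 20 20:25:02 ns1 kernel: Connection attempt to UDP [::0001]:53 from [::0001]:59400
Feb 20 20:25:03 ns1 kernel: Connection attempt to UDP [2001:db8::10]:53 from [2001:db8::99]:40000
Feb 20 20:25:04 ns1 kernel: Connection attempt to UDP 192.0.2.10:137 from 192.0.2.77:137
"""

# An address is either bracketed (IPv6, as in the post) or, by assumption,
# a bare dotted quad for IPv4.
ADDR = r"(?:\[([0-9A-Fa-f:.]+)\]|(\d+\.\d+\.\d+\.\d+))"
LINE = re.compile(rf"Connection attempt to UDP {ADDR}:(\d+) from {ADDR}:(\d+)")


def parse(text):
    """Yield (dst, dst_port, src) for every log_in_vain UDP line in text."""
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        dst6, dst4, dport, src6, src4, _sport = m.groups()
        try:
            dst = ipaddress.ip_address(dst6 or dst4)
            src = ipaddress.ip_address(src6 or src4)
        except ValueError:
            continue  # malformed address: not a line we can classify
        yield dst, int(dport), src


def summarize(text):
    """Count attempts per (origin, destination, port).

    origin is "local" when the source is a loopback address, i.e. the packet
    was generated on this host rather than arriving from the network.
    """
    counts = Counter()
    for dst, dport, src in parse(text):
        origin = "local" if src.is_loopback else "remote"
        counts[(origin, str(dst), dport)] += 1
    return counts


if __name__ == "__main__":
    for (origin, dst, dport), n in summarize(SAMPLE).most_common():
        print(f"{n:4d}  {origin:6s}  udp {dst} port {dport}")
```

Entries counted as local come from a process on the server itself sending to a port with no listener, so the tally separates them from packets that arrived over the network.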