HPE Community
Operating System - HP-UX
1754952 Members
2987 Online
108827 Solutions
New Discussion юеВ

Re: UDP services not resolving numeric IP addresses

 
SOLVED
Go to solution
Gus Larsson
Advisor

тАО10-17-2001 10:27 AM

тАО10-17-2001 10:27 AM

UDP services not resolving numeric IP addresses

Hi, I have been having a problem in which udp services (like tftp and bootp) don't do hostname lookups, while tcp services (e.g., ftp, login) do. Here is some output from syslog, with names changed to protect the innocent. It shows an ftp from one computer into itself, then a similar tftp access, then another ftp. Does anyone know why the udp services would not do the lookup - i.e., report that the hostname is "unknown"?

Oct 17 14:13:54 MyHP inetd[17637]: ftp/tcp: Connection from MyHP (###.###.###.###) at Wed Oct 17 14:13:54 2001
Oct 17 14:13:54 MyHP ftpd[17637]: connect from MyHP.MyDomain.com
Oct 17 14:13:59 MyHP ftpd[17637]: FTP LOGIN FROM MyHP.MyDomain.com [###.###.###.###], Auser
Oct 17 14:14:01 MyHP ftpd[17637]: FTP session closed

Oct 17 14:14:13 MyHP inetd[17664]: tftp/udp: Connection from unknown (###.###.###.###) at Wed Oct 17 14:14:13 2001

Oct 17 14:14:21 MyHP inetd[17667]: ftp/tcp: Connection from MyHP (###.###.###.###) at Wed Oct 17 14:14:21 2001
Oct 17 14:14:21 MyHP ftpd[17667]: connect from MyHP.MyDomain.com
Oct 17 14:14:26 MyHP ftpd[17667]: FTP LOGIN FROM MyHP.MyDomain.com [###.###.###.###], Auser
Oct 17 14:14:28 MyHP ftpd[17667]: FTP session closed

Thanks,
Gus Larsson
0 Kudos
Reply
7 REPLIES 7
Gus Larsson
Advisor

тАО10-17-2001 10:29 AM

тАО10-17-2001 10:29 AM

Re: UDP services not resolving numeric IP addresses

I suppose I should give some system information. The system in question is a J5600 with HP-UX 11.0. This problem has been happening since the day I uncrated this machine.
0 Kudos
Reply
Gus Larsson
Advisor

тАО10-17-2001 11:07 AM

тАО10-17-2001 11:07 AM

Re: UDP services not resolving numeric IP addresses

Let me assure you that "###.###.###.###" represents the same IP addy in each line in the example. I generated the example myself by doing something like:
ftp MyHP
(...login sequence begins & I log in & quit)
tftp MyHP
(...prompt appears and I download a text file & quit)
ftp MyHP
(...login sequence begins & I log in & quit).

Thanks for any insights.
0 Kudos
Reply
Eugen Cocalea
Respected Contributor

тАО10-17-2001 11:13 PM

тАО10-17-2001 11:13 PM

Re: UDP services not resolving numeric IP addresses

Hi,

Maybe you have a filter (ie firewall rule) for udp packets for DNS port on the DNS server? Or the DNS doesn't serve UDP request at all.

E.
To Live Is To Learn
0 Kudos
Reply
Boudewijn
Occasional Contributor

тАО10-18-2001 12:38 AM

тАО10-18-2001 12:38 AM

Re: UDP services not resolving numeric IP addresses

Hi,

HAve you checked your /etc/services file to see if this line:
tftp 69/udp

isn't commented out?

Boudewijn
0 Kudos
Reply
Gus Larsson
Advisor

тАО10-18-2001 06:34 AM

тАО10-18-2001 06:34 AM

Re: UDP services not resolving numeric IP addresses

Thanks for the responses. I neglected to mention that the udp services *do* in fact work - my users' X-terms can download their boot files from my workstation via tftp and bootp over the LAN. I also neglected to mention that I have several HP-UX 10.20 workstations (configured in as close to the same way as possible as the 11.0 machines) on which the udp services *do* perform successful hostname lookups. All the workstations have identical nsswitch.conf, resolv.conf and /etc/hosts files, and I specify to try the local /etc/hosts file first on lookups, and the hosts file has the correct IP/hostname mappings. So it doesn't appear to be a DNS issue or that the tftp/udp service is commented out. Thanks anyway.

My main problem is that it makes scanning the syslog for hack attempts difficult when there are so many "unknown" hosts connecting to my 11.0 systems every day. Also, the inability to do hostname lookups means that I have to specify numeric IP addresses in my inetd.sec file and can't use the local DHCP services.
0 Kudos
Reply
Ralf Hildebrandt
Valued Contributor

тАО10-19-2001 12:35 AM

тАО10-19-2001 12:35 AM

Solution

Re: UDP services not resolving numeric IP addresses

a) addresses in UDP packets can be easily forged, since UDP services are connectionless
b) If you want better logging and finer grained control, install tcp_wrappers.
c) If you want even more logging of network traffic, install snort (www.snort.org), a free IDS that can monitor the traffic for your (and can also log the worthless UDP dsender IP address if you like)
Postfix/BIND/Security/IDS/Scanner, you name it...
Reply
Gus Larsson
Advisor

тАО10-19-2001 05:11 AM

тАО10-19-2001 05:11 AM

Re: UDP services not resolving numeric IP addresses

Excellent, Ralf! A few comments on your list, though:

a) True, point taken.

b) Geez, I figured tcp_wrappers were only for tcp services. Now I have re-read the docs, I see otherwise. So much for truth-in-advertising!

c) No comment.

What Ralf suggested (that I use tcp_wrappers) will certainly solve my problem, but I am still convinced that there is a bug in the works. If you look at my original post, you can see that it is INETD that is doing (or not doing) the initial hostname lookups. Why does it do it for ftp/tcp but not tftp/udp? I guess I'll never know. But I don't need to, now. (Even if HP has decided not to do hostname lookups for UDP services for the reason Ralf mentions in (a), I think it should at least be documented somewhere!).

Thanks for all the replies everyone
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.