Steve Jeppesen wrote:
>
[ snip ]
> Active Internet connections (w/o servers)
> Proto Recv-Q Send-Q Local Address Foreign Address State
> tcp 0 0 192.168.1.254:80 192.168.1.2:33449 ESTABLISHED
> tcp 0 0 192.168.1.254:80 192.168.1.2:33447 TIME_WAIT
> tcp 0 0 192.168.1.254:80 192.168.1.2:33446 TIME_WAIT
> tcp 0 0 192.168.1.254:80 192.168.1.2:33444 TIME_WAIT
> udp 0 0 24.118.176.137:52220 192.203.230.10:53 ESTABLISHED
> udp 0 0 24.118.176.137:43084 128.8.10.90:53 ESTABLISHED
> udp 0 0 24.118.176.137:21690 128.63.2.53:53 ESTABLISHED
> udp 0 0 24.118.176.137:34665 128.8.10.90:53 ESTABLISHED
> udp 0 0 24.118.176.137:30698 192.33.4.12:53 ESTABLISHED
> udp 0 0 24.118.176.137:31418 198.32.64.12:53 ESTABLISHED
> udp 0 0 24.118.176.137:40885 198.41.0.4:53 ESTABLISHED
> udp 0 0 24.118.176.137:22397 198.41.0.10:53 ESTABLISHED
> udp 0 0 24.118.176.137:48569 192.36.148.17:53 ESTABLISHED
> udp 0 0 24.118.176.137:18114 193.0.14.129:53 ESTABLISHED
> udp 0 0 24.118.176.137:39686 128.63.2.53:53 ESTABLISHED
> udp 0 0 24.118.176.137:53853 128.8.10.90:53 ESTABLISHED
> udp 0 0 24.118.176.137:55249 198.41.0.10:53 ESTABLISHED
> udp 0 0 24.118.176.137:35631 198.32.64.12:53 ESTABLISHED
> udp 0 0 24.118.176.137:24105 202.12.27.33:53 ESTABLISHED
> udp 0 0 24.118.176.137:13567 193.0.14.129:53 ESTABLISHED
> udp 0 0 24.118.176.137:19059 192.5.5.241:53 ESTABLISHED
> udp 0 0 24.118.176.137:13893 193.0.14.129:53 ESTABLISHED
[ snip ]
Let's slow down and look at this carefully.
I assume that 24.118.176.137 is your external address -- right?
Your external address is connecting to those foreign addresses on udp
port 53. udp port 53 is domain, aka dns. Interestingly enough, these
are the root dns servers:
128.8.10.90
128.63.2.53
128.9.0.107
192.5.5.241
192.33.4.12
192.36.148.17
192.112.36.4
192.203.230.10
193.0.14.129
198.32.64.12
198.41.0.4
198.41.0.10
202.12.27.33
These are those you listed, sorted and without duplicates:
128.8.10.90
128.63.2.53
192.5.5.241
192.33.4.12
192.36.148.17
192.203.230.10
193.0.14.129
198.32.64.12
198.41.0.4
198.41.0.10
202.12.27.33
Now, if you were using only attbi's dns servers that they assigned to
you, there is no reason that your system would be contacting them for
dns.
Therefore, it is reasonable to assume that your system is mis-configured
for dns. Are you using dnscache? tinydns? bind?
The fact that you say that these connections are only a subset of an
overwhelming number of identical connections indicates a serious
configuration problem on your gateway box.
Do you know _why_ your system might be contacting these root domain
servers?
What do you think?
--
Best Regards,
mds
mds resource
888.250.3987
Dare to fix things before they break . . .
Our capacity for understanding is inversely proportional to how much we
think we know. The more I know, the more I know I don't know . . .
_______________________________________________________________
Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -
http://devcon.sprintpcs.com/adp/index.cfm?source=osdntextlink
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
