|
Hi Cristian, I had to look up nss-resolve and indeed both LLMNR and system-resolved are mentioned in the description. In my test VM, `apt-cache policy` is showing that libnss-resolve package is installed.
I removed it using `apt purge libnss-resolve` and checked journalctl logs again while re-running the python script and I continue to see outbound connections on port 5355 are being logging.
I restarted the VM (to ensure the plugin was no longer loaded) and re-ran the nftables rule and python script but I continue to see the outbound connections with each invocation of gethostbyaddr. Let me know what else I can investigate, this is new territory for me. Thanks, Anthony TREND MICRO EMAIL NOTICE The information contained in this email and any attachments is confidential and may be subject to copyright or other intellectual property protection. If you are not the intended recipient, you are not authorized to use or disclose this information, and we request that you notify us by reply mail or telephone and delete the original message from your mail system. For details about what personal information we collect and why, please see our Privacy Notice on our website at: Read privacy policy |
Re: Systems-resolved: Calling gethostbyaddr on non-local/non-private causes connection attempt
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: Systems-resolved: Calling gethostbyaddr on non-local/non-private causes connection attempt
- From: "Anthony_Fuller@xxxxxxxxxxxxxx" <Anthony_Fuller@xxxxxxxxxxxxxx>
- Date: Thu, 22 Feb 2024 23:13:27 +0000
- Accept-language: en-US
- Cc: "systemd-devel@xxxxxxxxxxxxxxxxxxxxx" <systemd-devel@xxxxxxxxxxxxxxxxxxxxx>
- In-reply-to: <CAPBLoAc78rVF-AMeOjOrFuj1mrDNwW3PuEY+wBkkv-6uim27Bw@mail.gmail.com>
- Msip_labels: MSIP_Label_fb50d67e-2428-41a1-85f0-bee73fd61572_Enabled=True; MSIP_Label_fb50d67e-2428-41a1-85f0-bee73fd61572_SiteId=3e04753a-ae5b-42d4-a86d-d6f05460f9e4; MSIP_Label_fb50d67e-2428-41a1-85f0-bee73fd61572_SetDate=2024-02-22T22:48:07.2881607Z; MSIP_Label_fb50d67e-2428-41a1-85f0-bee73fd61572_Name=Public Information - no protection; MSIP_Label_fb50d67e-2428-41a1-85f0-bee73fd61572_ContentBits=0; MSIP_Label_fb50d67e-2428-41a1-85f0-bee73fd61572_Method=Standard
- References: <PH0PR01MB742848B896B400E04B508A0796562@PH0PR01MB7428.prod.exchangelabs.com> <CAPBLoAc78rVF-AMeOjOrFuj1mrDNwW3PuEY+wBkkv-6uim27Bw@mail.gmail.com>
- Follow-Ups:
- Re: Systems-resolved: Calling gethostbyaddr on non-local/non-private causes connection attempt
- From: Cristian Rodríguez
- Re: Systems-resolved: Calling gethostbyaddr on non-local/non-private causes connection attempt
- References:
- Systems-resolved: Calling gethostbyaddr on non-local/non-private causes connection attempt
- From: Anthony_Fuller@xxxxxxxxxxxxxx
- Re: Systems-resolved: Calling gethostbyaddr on non-local/non-private causes connection attempt
- From: Cristian Rodríguez
- Systems-resolved: Calling gethostbyaddr on non-local/non-private causes connection attempt
- Prev by Date: Re: Systems-resolved: Calling gethostbyaddr on non-local/non-private causes connection attempt
- Next by Date: Re: Can I provide separate enabling for dbus-activation and "normal" start ?
- Previous by thread: Re: Systems-resolved: Calling gethostbyaddr on non-local/non-private causes connection attempt
- Next by thread: Re: Systems-resolved: Calling gethostbyaddr on non-local/non-private causes connection attempt
- Index(es):
 |