[tlug] hack attack from localhost?

[Sven Simon <sven@example.com>]

I got my FreeBSD set up to log connection attempts on blocked ports
and here's what I found in /var/log/messages:

Jan 25 03:05:41 hostname /kernel: Connection attempt to UDP 
127.0.0.1:512 from 127.0.0.1:1096
Jan 25 03:05:41 hostname /kernel: Jan 25 03:05:41 ninja /kernel: 
Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:1096
Jan 25 03:05:43 hostname /kernel: Connection attempt to UDP 
127.0.0.1:512 from 127.0.0.1:1103
Jan 25 03:05:43 hostname /kernel: Jan 25 03:05:43 ninja /kernel: 
Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:1103
Jan 27 03:06:02 hostname /kernel: Connection attempt to UDP 
127.0.0.1:512 from 127.0.0.1:3973
Jan 27 03:06:02 hostname /kernel: Jan 27 03:06:02 ninja /kernel: 
Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:3973
Jan 27 03:06:04 hostname /kernel: Connection attempt to UDP 
127.0.0.1:512 from 127.0.0.1:3980
Jan 27 03:06:04 hostname /kernel: Jan 27 03:06:04 ninja /kernel: 
Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:3980

As I recall port 512 has something to do with mail notification, but if I'm
not mistaken that's what I turned turned of in sendmail with

FEATURE(`no_default_msa')dnl

in the sendmail.mc file and netstat proofs the port's closed.

Anyway, can someone shed some light on this for me?

Sven