We have been logging these DNS requests on our ipchains firewall; this
firewall does not provide any DNS services. Is this suspicious, in that the
source the requests are coming from is on such high port numbers, and given
the speed of the requests?

Mar 20 09:43:41 firewall kernel: Packet log: input DENY eth1 PROTO=6
202.39.29.162:1535 203.41.84.7:53 L=60 S=0x00 I=58708 F=0x4000 T=43 SYN
(#13)
Mar 20 09:43:41 firewall kernel: Packet log: input DENY eth1 PROTO=6
202.39.29.162:1536 203.41.84.8:53 L=60 S=0x00 I=58709 F=0x4000 T=43 SYN
(#13)
Mar 20 09:43:41 firewall kernel: Packet log: input DENY eth1 PROTO=6
202.39.29.162:1537 203.41.84.9:53 L=60 S=0x00 I=58710 F=0x4000 T=44 SYN
(#13)
Mar 20 09:43:41 firewall kernel: Packet log: input DENY eth1 PROTO=6
202.39.29.162:1538 203.41.84.10:53 L=60 S=0x00 I=58711 F=0x4000 T=43 SYN
(#13)
Mar 20 09:43:42 firewall kernel: Packet log: input DENY eth1 PROTO=6
202.39.29.162:1539 203.41.84.11:53 L=60 S=0x00 I=58747 F=0x4000 T=44 SYN
(#13)
Mar 20 09:43:42 firewall kernel: Packet log: input DENY eth1 PROTO=6
202.39.29.162:1540 203.41.84.12:53 L=60 S=0x00 I=58748 F=0x4000 T=43 SYN
(#13)
Mar 20 09:43:44 firewall kernel: Packet log: input DENY eth1 PROTO=6
202.39.29.162:1535 203.41.84.7:53 L=60 S=0x00 I=58943 F=0x4000 T=43 SYN
(#13)
Mar 20 09:43:44 firewall kernel: Packet log: input DENY eth1 PROTO=6
202.39.29.162:1536 203.41.84.8:53 L=60 S=0x00 I=58944 F=0x4000 T=43 SYN
(#13)
Mar 20 09:43:44 firewall kernel: Packet log: input DENY eth1 PROTO=6
202.39.29.162:1537 203.41.84.9:53 L=60 S=0x00 I=58945 F=0x4000 T=43 SYN
(#13)
Mar 20 09:43:44 firewall kernel: Packet log: input DENY eth1 PROTO=6
202.39.29.162:1538 203.41.84.10:53 L=60 S=0x00 I=58946 F=0x4000 T=43 SYN
(#13)
Mar 20 09:43:44 firewall kernel: Packet log: input DENY eth1 PROTO=6
202.39.29.162:1539 203.41.84.11:53 L=60 S=0x00 I=58972 F=0x4000 T=44 SYN
(#13)
Mar 20 09:43:44 firewall kernel: Packet log: input DENY eth1 PROTO=6
202.39.29.162:1540 203.41.84.12:53 L=60 S=0x00 I=58973 F=0x4000 T=43 SYN
(#13)
I await your thoughts.
Thanks
Andy
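
An added example, not part of the original post: a Python parser for the ipchains log entries quoted above that groups them by source, protocol and destination port, then counts distinct destination hosts and repeated attempts. The function names and the sample string (four of the entries above, rejoined onto single lines) belong to this example only.

```python
import re
from collections import defaultdict

# Constructed sample: four of the entries above, each rejoined onto one line.
SAMPLE = """\
Mar 20 09:43:41 firewall kernel: Packet log: input DENY eth1 PROTO=6 202.39.29.162:1535 203.41.84.7:53 L=60 S=0x00 I=58708 F=0x4000 T=43 SYN (#13)
Mar 20 09:43:41 firewall kernel: Packet log: input DENY eth1 PROTO=6 202.39.29.162:1536 203.41.84.8:53 L=60 S=0x00 I=58709 F=0x4000 T=43 SYN (#13)
Mar 20 09:43:44 firewall kernel: Packet log: input DENY eth1 PROTO=6 202.39.29.162:1535 203.41.84.7:53 L=60 S=0x00 I=58943 F=0x4000 T=43 SYN (#13)
Mar 20 09:43:44 firewall kernel: Packet log: input DENY eth1 PROTO=6 202.39.29.162:1536 203.41.84.8:53 L=60 S=0x00 I=58944 F=0x4000 T=43 SYN (#13)
"""

PROTO = {"1": "icmp", "6": "tcp", "17": "udp"}  # IP protocol numbers
# Fields: L=length, S=TOS, I=IP ID, F=fragment flags/offset, T=TTL, (#n)=rule
ENTRY = re.compile(
    r"(?P<ts>\w{3} +\d+ [\d:]{8}) \S+ kernel: Packet log: (?P<chain>\S+) "
    r"(?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<len>\d+) S=\S+ I=(?P<ipid>\d+) F=\S+ T=(?P<ttl>\d+)"
    r"(?P<syn> SYN)? \(#(?P<rule>\d+)\)")

def parse(text):
    """One dict per log entry; whitespace is collapsed first so entries
    that a mail client wrapped across several lines still match."""
    return [m.groupdict() for m in ENTRY.finditer(" ".join(text.split()))]

def summarize(entries):
    """Per (source, protocol, destination port): how many hosts were tried,
    how many packets were SYNs, and how many repeated an earlier attempt."""
    seen = defaultdict(set)
    out = defaultdict(lambda: {"packets": 0, "syn": 0, "retries": 0, "hosts": set()})
    for e in entries:
        key = (e["src"], PROTO.get(e["proto"], e["proto"]), int(e["dport"]))
        s = out[key]
        s["packets"] += 1
        s["syn"] += e["syn"] is not None
        s["hosts"].add(e["dst"])
        flow = (e["sport"], e["dst"])
        s["retries"] += flow in seen[key]   # same source port to same host again
        seen[key].add(flow)
    return dict(out)

if __name__ == "__main__":
    for (src, proto, dport), s in summarize(parse(SAMPLE)).items():
        print(f"{src} -> {proto}/{dport}: {s['packets']} packets, {s['syn']} SYN, "
              f"{len(s['hosts'])} hosts, {s['retries']} retries")
```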