A lot of DNS attempts may be a DNS attack, wherein you would get more than one answer for your query, in which the first would be the correct one and the others would be a fake reply. So if you sniff that traffic, you can confirm it.

But in some scenarios, like if the machine sending the DNS reply or request is being NATed, then you might get port numbers in the lower range, as poor NATs don't know that they are registered ports, so a sniffer could relax you.

Also, you should not filter the lower-level ports, as you will never be able to browse the internet. For e.g., if you send an HTTP request, the destination port would be 80, but the HTTP reply from the web server comes into your network with source port 80. If you filter, then no HTTP response would reach your network.

regards
Mohamed.

On Wed, 24 Oct 2001 [EMAIL PROTECTED] wrote :

> I see a lot of attempted udp connections to port 53 on my
> dns servers but the source is less than 1024. According
> to the O'Reilly book I shouldn't have to allow this.
> Source port is in the 600, 700, 800, 900 area. Should
> I be allowing this? Thanks.
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
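As an added example (not part of the thread), a small Python script over constructed sniffer records: it flags queries that received more than one answer, the pattern Mohamed describes, and lists what an inbound "source port below 1024" rule would discard, including the NATed query from the question and the legitimate DNS and HTTP replies. The addresses, the inside prefix and the record layout are assumptions.

```python
from collections import defaultdict, namedtuple

# One sniffer record per packet; queries have rdata=None, replies carry the answer.
Pkt = namedtuple("Pkt", "t proto src sport dst dport txid qname rdata")

INSIDE = "192.0.2."  # assumed inside network; 192.0.2.53 is the DNS server from the question

# Constructed records, not a real capture.
PACKETS = [
    # Query arriving from a NATed outside host whose NAT picked source port 700
    Pkt(0.000, "udp", "203.0.113.40", 700, "192.0.2.53", 53, 0x3C4D, "mail.example.net", None),
    Pkt(0.004, "udp", "192.0.2.53", 53, "203.0.113.40", 700, 0x3C4D, "mail.example.net", "192.0.2.25"),
    # Inside client asks an upstream resolver and gets two answers; the later one is the fake
    Pkt(0.100, "udp", "192.0.2.10", 1037, "198.51.100.53", 53, 0x1A2B, "www.example.com", None),
    Pkt(0.112, "udp", "198.51.100.53", 53, "192.0.2.10", 1037, 0x1A2B, "www.example.com", "203.0.113.10"),
    Pkt(0.115, "udp", "198.51.100.53", 53, "192.0.2.10", 1037, 0x1A2B, "www.example.com", "203.0.113.99"),
    # HTTP reply coming back into the network with source port 80
    Pkt(0.200, "tcp", "198.51.100.8", 80, "192.0.2.10", 40001, None, None, None),
]


def duplicate_answers(packets):
    """Queries that received more than one reply, keyed by (client, client port,
    transaction id, name). The earliest reply is 'accepted', later ones 'suspect',
    following the reply's reasoning that the first answer is the genuine one."""
    replies = defaultdict(list)
    for p in sorted(packets, key=lambda p: p.t):
        if p.proto == "udp" and p.sport == 53 and p.rdata is not None:
            replies[(p.dst, p.dport, p.txid, p.qname)].append(p.rdata)
    return {k: {"accepted": v[0], "suspect": v[1:]}
            for k, v in replies.items() if len(v) > 1}


def dropped_by_inbound_low_port_rule(packets, inside=INSIDE, threshold=1024):
    """Inbound packets a rule 'drop if source port < threshold' would discard.
    Besides the NATed query, it also drops legitimate DNS and HTTP replies."""
    return [p for p in packets
            if p.dst.startswith(inside) and p.sport < threshold]


if __name__ == "__main__":
    for key, verdict in duplicate_answers(PACKETS).items():
        print("duplicate answers for", key, verdict)
    for p in dropped_by_inbound_low_port_rule(PACKETS):
        print("rule would drop", p.proto, p.src, p.sport, "->", p.dst, p.dport)
```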
