Re: [FW1] domain-tcp drops

Tue, 28 Aug 2001 04:16:37 -0700 



Greetings

I see the same thing, every day, from multiple source IPs (all being 
blocked, of course), all at about (within 5 seconds) the same time.  I see 
these logs on my CPFW at home, with a destination of my DNS server (only 
open to my internal networks.)  My best guess has always been that I have 
done a lookup against these DNS servers at some point in time, and based on 
the fact that they're all very different IP ranges, and the fact that they 
all hit me at the same approximate time, then they are likely compromised in 
some manner.  I really don't know this, though.

attention "Y M"
I would be interested if you'd be willing to share the list of IPs that are 
trying to connect to your DNS server. Feel free to filter out anything you 
want, but I'd be curious to see the Source IPs and times/dates (and what 
time zone your FW is in) for comparison.

If you're interested in swapping, feel free to email me directly.

regards
jakevil



>From: y m <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: [FW1] domain-tcp drops
>Date: Tue, 21 Aug 2001 11:21:55 -0700 (PDT)
>
>
>
>
>Hi,
>
>
>In the firewall logs I see lot of domain-tcp drops
>with source being as different IP Addresses and
>Destination being our DNS server in DMZ .
>The DNS server in DMZ is used for resolving external
>domains .
>Is this because people are trying to do domain
>transfers or something else ?
>
>Thanks
>
>
>__________________________________________________
>Do You Yahoo!?
>Make international calls for as low as $.04/minute with Yahoo! Messenger
>http://phonecard.yahoo.com/
>
>
>================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
>================================================================================
>


_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to