$ whois sover.net
[...]
Name Server: CLOVER.SOVER.NET

Clover is a DNS server for sover.net. It's quite possible that these are late replies to a DNS request that originated from within your network.
In either case, the issue is probably not the result of your configuration, and not something that your ISP is in a position to do anything about.

I have a series of filter rules set up to block late replies to various services. I've posted them to the group at least twice, so they should be in the archives. They're similar to the default "Block/nolog stale HTTP" filter.

Mike Burden
Lynk Systems
http://www.lynk.com
(616)532-4985
[EMAIL PROTECTED]

> -----Original Message-----
> From: Netman [mailto:kenh@;nexuscei.com]
> Sent: Wednesday, October 30, 2002 2:23 PM
> To: [EMAIL PROTECTED]
> Subject: [gb-users] DNS Attacks
>
> Every so often (every few days or weeks), I get 2 straight hours of alarms for packets attempting to come in on Port 53. There could be thousands of these during the attack, coming in at the rate of 20 or so per minute. The odd thing is, they appear to be coming from my ISP. I have a DNS server set up for name resolution on the LAN. Is there any way these packets could be something I did, or should I shake down my ISP some more? 209.198.87.40 is my ISP and the apparent sending address of all these packets. xxx.242 is the external address of my DNS server (and my email server).
>
> ALARM NO: 1
> DATE: Wednesday, Oct 30, 2002
> TIME: 14:16:03
> INTERFACE: EXTERNAL (fxp1)
> INTERFACE TYPE: External
> ALARM TYPE: Block
> IP PACKET: UDP [209.198.87.40/53]-->[xxx.xxx.xxx.242/30571] l=43
> [clover.sover.net/domain]-->[mail.blablabla.com/30571]
>
> DETAILED DESCRIPTION:
> IP packet was rejected.
>
> Thanks,
>
> Ken Hewitt, MIS Manager
> Nexus Custom Electronics, Brandon, VT
> [EMAIL PROTECTED]
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> To subscribe to the digest version first unsubscribe, then e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> Archive of the last 1000 messages: http://www.mail-archive.com/gb-users@;gta.com
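
Added example, not part of the original thread or of any poster's configuration: a small Python triage script that separates blocked packets sent from port 53 to a high port (the "late DNS reply" pattern described in the reply above) from packets addressed to port 53, and counts them per source. It assumes each alarm's "IP PACKET" entry sits on one line in the layout quoted above; the sample lines and addresses are constructed, and the label names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in the "IP PACKET" layout of the quoted alarm.
# Addresses are documentation ranges, not values from the thread.
SAMPLE_ALARMS = """\
IP PACKET: UDP [192.0.2.53/53]-->[198.51.100.242/30571] l=43
IP PACKET: UDP [192.0.2.53/53]-->[198.51.100.242/30572] l=43
IP PACKET: UDP [203.0.113.9/40112]-->[198.51.100.242/53] l=60
IP PACKET: TCP [203.0.113.9/40113]-->[198.51.100.242/80] l=48
"""

PACKET_RE = re.compile(
    r"IP PACKET:\s*(?P<proto>\w+)\s*"
    r"\[(?P<src>[^/\]]+)/(?P<sport>\d+)\]-->\[(?P<dst>[^/\]]+)/(?P<dport>\d+)\]"
)

def classify(line):
    """Return (label, source) for one alarm line, or None if it does not parse."""
    m = PACKET_RE.search(line)
    if not m:
        return None
    sport, dport = int(m["sport"]), int(m["dport"])
    if m["proto"].upper() == "UDP" and sport == 53 and dport >= 1024:
        # Source port 53 to a high port: a DNS server answering a query,
        # most likely one the firewall no longer holds state for.
        label = "late-dns-reply"
    elif dport == 53:
        # Destination port 53: an outside host is querying our DNS server.
        label = "inbound-dns-query"
    else:
        label = "other"
    return label, m["src"]

def summarize(text):
    """Count (label, source) pairs across all parseable alarm lines."""
    return Counter(filter(None, map(classify, text.splitlines())))

if __name__ == "__main__":
    for (label, src), n in summarize(SAMPLE_ALARMS).most_common():
        print(f"{n:4d}  {label:18s} {src}")
```

A source that appears only under late-dns-reply and is a resolver the internal DNS server forwards to or queries fits the explanation given in the reply; entries under inbound-dns-query are the ones that reflect traffic initiated from outside.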
