See all the messages from last week titled "UDP Port 53 Traffic".
Mike Burden
Lynk Systems
http://www.lynk.com
(616)532-4985
[EMAIL PROTECTED]

> -----Original Message-----
> From: Vaughn Thurman - Swift Systems Inc
> [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, December 08, 2002 1:49 PM
> To: [EMAIL PROTECTED]
> Subject: [gb-users] DNS anomolies
>
>
> I have the following alarms getting emailed to me way too much:
>
> ------------------------------------------------------------------------------------------------------
> ALARM NO: 2
> DATE: Sat 2002-12-07 14:33:39 GMT
> PRIORITY: 4
> INTERFACE: PSN (dc2)
> INTERFACE TYPE: Private service network (PSN)
> ALARM TYPE: Block
> IP PACKET: UDP [198.70.31.254/53]-->[198.70.30.1/2122] l=163
>
> [dns1.swiftsystems.com/domain]-->[stpeter.swiftsystems.com/2122]
>
> DETAILED DESCRIPTION:
> IP packet was rejected by filter 25.
> ------------------------------------------------------------------------------------------------------
>
> Filter 25 is the catch all "deny all other access to all interfaces". I am
> running the SMTP proxy and my external DNS Server is configured to
> 198.70.31.254, which is actually a pass-through on the PSN.
>
> DNS queries seem to be going fine (from the gnatbox) as ping by name works
> without a hitch, but I get many (many) of these alarms every day showing
> that traffic from port 53 (on the DNS server) to random ports on the gnatbox
> PSN interface are being denied. This sort of looks like replies from the
> DNS server are getting blocked??? I am running 3.2.5s. Is there a problem
> with the virtual crack not letting responses back through? I tore apart the
> DNS server to make sure it was not referring to the firewall IP for any
> reason (DNS or Network level) other than as a gateway IP address, it is not.
>
> So next I tried to set up an "allow all protocols" filter so that the DNS
> server can access from port 53 on the DNS server to ANY/ANY on the PSN
> interface. It would not let me save port 53 as the port number in the web
> interface, weird so I set up a wide open any/any from the DNS server's IP to
> the PSN interface. I am still getting the alarms. Has anyone seen anything
> like this? I'm feeling like I have run into "ze-bug" maybe.
>
> Thanks,
> -Vaughn
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> To subscribe to the digest version first unsubscribe, then
> e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> Archive of the last 1000 messages:
> http://www.mail-archive.com/[email protected]
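Added example, not part of either message and not GNAT Box code: a triage script that parses emailed alarms in the layout quoted above and counts the blocked packets that have the shape of DNS replies (UDP from port 53 to a high port), grouped by server, firewall address and rejecting filter. The sample alarms, the function names and the 1024 port threshold are assumptions made for the example.

```python
import re
from collections import Counter

# Constructed sample: field layout follows the alarm quoted in the thread,
# addresses are documentation ranges. The second alarm is mail-quoted.
SAMPLE = """\
ALARM NO: 2
ALARM TYPE: Block
IP PACKET: UDP [192.0.2.53/53]-->[192.0.2.1/2122] l=163
DETAILED DESCRIPTION:
IP packet was rejected by filter 25.
> ALARM NO: 3
> ALARM TYPE: Block
> IP PACKET: UDP [192.0.2.53/53]-->[192.0.2.1/2377] l=98
> DETAILED DESCRIPTION:
> IP packet was rejected by filter 25.
ALARM NO: 4
ALARM TYPE: Block
IP PACKET: TCP [198.51.100.7/4455]-->[192.0.2.1/23] l=44
DETAILED DESCRIPTION:
IP packet was rejected by filter 25.
"""

PACKET = re.compile(
    r"IP PACKET:\s*(\w+)\s*\[([\d.]+)/(\d+)\]-->\[([\d.]+)/(\d+)\]\s*l=(\d+)")
FILTER = re.compile(r"rejected by filter (\d+)")

def parse_alarms(text):
    """Return one dict per alarm block; tolerates '>' mail-quote prefixes."""
    lines = [re.sub(r"^(>\s?)+", "", ln) for ln in text.splitlines()]
    alarms = []
    for block in re.split(r"(?m)^(?=ALARM NO:)", "\n".join(lines)):
        pkt, flt = PACKET.search(block), FILTER.search(block)
        if not pkt:
            continue  # preamble or a block without a packet line
        proto, src, sport, dst, dport, length = pkt.groups()
        alarms.append({"proto": proto, "src": src, "sport": int(sport),
                       "dst": dst, "dport": int(dport), "len": int(length),
                       "filter": int(flt.group(1)) if flt else None})
    return alarms

def looks_like_dns_reply(alarm, ephemeral_min=1024):
    # Assumption: a reply leaves UDP/53 and targets an unprivileged port.
    return (alarm["proto"] == "UDP" and alarm["sport"] == 53
            and alarm["dport"] >= ephemeral_min)

def summarize(alarms):
    """Count reply-shaped blocks per (DNS server, firewall address, filter)."""
    return Counter((a["src"], a["dst"], a["filter"])
                   for a in alarms if looks_like_dns_reply(a))
```

A high count for a single (server, firewall, filter) tuple separates the repeating reply-shaped alarm from unrelated blocks hitting the same catch-all filter.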
