> Message: 2
> Date: Fri, 15 Feb 2002 10:14:52 -0800
> From: Victor McAllister <[EMAIL PROTECTED]>
> To: leaf-user <[EMAIL PROTECTED]>
> Subject: Re: [Leaf-user] port 53 flooding my log
>
> GREGOR wrote:
> > I'm using DCD, I set it up as firewall, with IP aliasing on eth0, DMZ
> > switch=PRIVATE on eth2 and internal network on eth1.(thank's to
> > bela,charles and ray).
> >
> > I've got tons of logs of hits on port 53 like the following examples :
>
> Since you are using DCD - try adding all the port 53 flood servers in
> SILENT_DENY.
> Here is a copy of my list - note that they are all on one line each machine
> separated by a space. I have modified my list.
>
> # grep SILENT_DENY /etc/network.conf
>
> SILENT_DENY="tcp_64.78.235.14_53 tcp_64.56.174.186_53
> tcp_64.37.200.46_53 tcp_64.14.200.154_53 tcp_62.26.119.34_53
> tcp_62.23.80.2_53 tcp_216.35.167.58_53 tcp_216.34.68.2_53
> tcp_216.33.35.214_53 tcp_216.220.39.42_53 tcp_212.78.160.237_53
> tcp_203.208.128.70_53 tcp_203.194.166.182_53 tcp_202.139.133.129_53
> tcp_194.213.64.150_53 tcp_194.205.125.26_53"
>
> svi network ipfilter reload
>
> If it stops the log noise - then backup etc.
>
> Victor McAllister
>
>
>
>
> --__--__--
I have observed several other port 53 floods. Am I the only one?
tcp_128.121.10.146_53
tcp_128.242.105.34_53
tcp_129.250.244.10_53
tcp_203.81.45.254_53
tcp_209.157.68.18_53
tcp_213.38.75.193_53
--
Mike Sussman
[EMAIL PROTECTED]
_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
