Christopher Holmes wrote:

> I'm running Dachstein & haven't changed any of the ipchains rules.  I
> just ran Shields Up (https://grc.com/x/ne.dll?bh0bkyd2) to test out the
> firewall.  A few questions...
>
> snip

>
> 2) My port 53 is getting whacked hard for 10-20 seconds once or twice a
> day from the same group of IP's.  Anyone know what this might be?
> Trying to find a bind vulnerability?  Should I bother tracking down the
> IP's?
>

This is probably from a group of servers that work together using tcp port
53 to apparently try to find out your location geographically.  They do this
to assign a web request to the closest server to you.  This is some sort of
proprietary (who would claim such a monster) method.  If you want to know
more about it look up port 53 scans on the list archive.  There was
extensive discussion and research several months ago on the list of IPs.
Just put the whole list in

    SILENT_DENY="tcp_ip.number.of.flood_53 tcp_next.ip.no_53"
    svi network ipfilter reload

If everything loads up OK - no error messages from typos -
then back up, etc.

>
> 3) I also notice occasional random inbound attempts from 192.168.x.x and
> 10.x.x.x.  Shouldn't my ISP be preventing this sort of thing?
>

Not necessarily.  It may be coming from machines on your ISP's network.

>
> Thanks,
> Chris

Victor McAllister
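
An added example, not part of the original post or the LEAF project's own code: one way to build the SILENT_DENY value described above from the firewall's own deny log, so the list does not have to be typed by hand. It assumes the ipchains "Packet log:" syslog format; the function names, the hit threshold and the sample lines (documentation address ranges) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of ipchains deny-log lines (not taken from the thread).
sample_log() {
cat <<'EOF'
Jan 10 03:12:01 fw kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.10:2101 203.0.113.5:53 L=44 S=0x00 I=100 F=0x0000 T=240 SYN (#40)
Jan 10 03:12:01 fw kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.7:2333 203.0.113.5:53 L=44 S=0x00 I=101 F=0x0000 T=238 SYN (#40)
Jan 10 03:12:02 fw kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.10:2102 203.0.113.5:53 L=44 S=0x00 I=102 F=0x0000 T=240 SYN (#40)
Jan 10 03:12:02 fw kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.7:2334 203.0.113.5:53 L=44 S=0x00 I=103 F=0x0000 T=238 SYN (#40)
Jan 10 03:12:03 fw kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.10:2103 203.0.113.5:53 L=44 S=0x00 I=104 F=0x0000 T=240 SYN (#40)
Jan 10 03:12:03 fw kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.7:2335 203.0.113.5:53 L=44 S=0x00 I=105 F=0x0000 T=238 SYN (#40)
Jan 10 09:40:11 fw kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.99:4000 203.0.113.5:53 L=44 S=0x00 I=200 F=0x0000 T=52 SYN (#40)
Jan 10 09:41:00 fw kernel: Packet log: input DENY eth0 PROTO=17 192.0.2.50:53 203.0.113.5:53 L=70 S=0x00 I=300 F=0x0000 T=60 (#40)
Jan 10 09:42:00 fw kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.7:2400 203.0.113.5:80 L=44 S=0x00 I=106 F=0x0000 T=238 SYN (#40)
EOF
}

# build_silent_deny [MIN_HITS]
# Reads log lines on stdin and prints a SILENT_DENY="..." line holding one
# tcp_<source-ip>_53 entry for every source with at least MIN_HITS
# (default 3) denied TCP packets to port 53. UDP and other ports are ignored.
build_silent_deny() {
    awk -v min="${1:-3}" '
    /Packet log: input (DENY|REJECT)/ {
        # Locate PROTO=; the next two fields are src:port and dst:port.
        for (i = 1; i < NF - 1; i++)
            if ($i ~ /^PROTO=/) break
        if (i >= NF - 1 || $i != "PROTO=6") next    # TCP only
        split($(i + 1), src, ":"); split($(i + 2), dst, ":")
        if (dst[2] == "53") hits[src[1]]++
    }
    END { for (ip in hits) if (hits[ip] >= min) print ip }' |
    LC_ALL=C sort |
    awk 'BEGIN { printf "SILENT_DENY=\"" }
         { printf "%stcp_%s_53", (NR > 1 ? " " : ""), $1 }
         END { print "\"" }'
}

# Stand-alone run on the constructed sample.
sample_log | build_silent_deny 3
```

Review the printed line before pasting it into the configuration, then reload the filter as described in the reply.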



_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
