Re: Suspecious DNS traffic

2013-03-26 Thread Mark Elkins
ecting to remote DNS on non standard port? > > So where i need to now look? > > Regards > Papdheen M > > > > From: Matus UHLAR - fantomas > To: bind-users@lists.isc.org > Sent: Monday, 25 March 2013 7:46 PM > Subject: Re: Suspecious DNS traffic > >

Re: Suspecious DNS traffic

2013-03-26 Thread Warren Kumari
hy my DNS server is initiating the connection to remote >> DNS server on non standard destination Port? >> >> Regards Babu >> >> >> >> *From:* Vernon Schryver *To:* >> bind-users@lists.isc.org *Sent:* Monday, 25 March 2013 8:40 PM >> *Sub

Re: Suspecious DNS traffic

2013-03-26 Thread Novosielski, Ryan
rd destination port is getting blocked? > > Not sure why my DNS server is initiating the connection to remote > DNS server on non standard destination Port? > > Regards Babu > > > > *From:* Vernon Schryver *To:* > bind-users@lists.isc.org *Sent:* Monday, 25 March

Re: Suspecious DNS traffic

2013-03-26 Thread Novosielski, Ryan
te DNS server > on non standard destination port? > > Regards Babu > > > *From:* "wbr...@e1b.org" *To:* babu dheen > *Cc:* "bind-users@lists.isc.org" > *Sent:* Monday, 25 March 2013 7:48 PM > *Subject:* Re: Suspecious DNS traffic > > babu

Re: Suspecious DNS traffic

2013-03-26 Thread Mark Andrews
___ > From: "wbr...@e1b.org" > To: babu dheen > Cc: "bind-users@lists.isc.org" > Sent: Monday, 25 March 2013 7:48 PM > Subject: Re: Suspecious DNS traffic > > babu dheen wrote on 03/25/2013 12:21:30 PM: > > > Still not convinced

Re: Suspecious DNS traffic

2013-03-26 Thread babu dheen
o remote DNS server on non standard destination Port?   Regards Babu       From: Vernon Schryver To: bind-users@lists.isc.org Sent: Monday, 25 March 2013 8:40 PM Subject: Re: Suspecious DNS traffic > > Still not convinced because if i need to allow &g

Re: Suspecious DNS traffic

2013-03-26 Thread babu dheen
quot;bind-users@lists.isc.org" Sent: Monday, 25 March 2013 7:48 PM Subject: Re: Suspecious DNS traffic babu dheen wrote on 03/25/2013 12:21:30 PM: > Still not convinced because if i need to allow >1024 port from  our > DNS server to external world(internet).. where is the security?

Re: Suspecious DNS traffic

2013-03-26 Thread babu dheen
Sent: Monday, 25 March 2013 7:46 PM Subject: Re: Suspecious DNS traffic On 26.03.13 00:21, babu dheen wrote: >Hi Matus, please, skip personal replies. this is mailing listand issued should be discussed here. >Still not convinced because if i need to allow >1024 port from  our DNS &g

Re: Suspecious DNS traffic

2013-03-25 Thread Vernon Schryver
> > Still not convinced because if i need to allow >1024 port from our > > DNS server to external world(internet).. where is the security? Every UDP and TCP packet has two port numbers, the source port and the destination port. When a resolver sends a request to a distant DNS authority, it send

Re: Suspecious DNS traffic

2013-03-25 Thread WBrown
babu dheen wrote on 03/25/2013 12:21:30 PM: > Still not convinced because if i need to allow >1024 port from our > DNS server to external world(internet).. where is the security? Total security requires total isolation. It is a matter of accepting some risks to perform the needed task. > I

Re: Suspecious DNS traffic

2013-03-25 Thread Matus UHLAR - fantomas
On 26.03.13 00:21, babu dheen wrote: Hi Matus, please, skip personal replies. this is mailing listand issued should be discussed here. Still not convinced because if i need to allow >1024 port from  our DNS server to external world(internet).. where is the security? If you have statefull f

Re: Suspecious DNS traffic

2013-03-25 Thread Niall O'Reilly
On 25 Mar 2013, at 16:21, babu dheen wrote: > Still not convinced because if i need to allow >1024 port from our DNS > server to external world(internet).. where is the security? > > I beleive we just need to allow TCP and UDP 53 from our DNS server to > internet(any) which is already done. N

Re: Suspecious DNS traffic

2013-03-25 Thread Carlos M. Martinez
--- > *From:* Matus UHLAR - fantomas > *To:* bind-users@lists.isc.org > *Sent:* Monday, 25 March 2013 3:30 PM > *Subject:* Re: Suspecious DNS traffic > > On 25.03.13 16:59, babu dheen wrote: >> I am able to query one of the PTR rec

Re: Suspecious DNS traffic

2013-03-25 Thread babu dheen
ard port from our DNS server to internet? Kindly provide some details. Regards Babu From: Matus UHLAR - fantomas To: bind-users@lists.isc.org Sent: Monday, 25 March 2013 3:30 PM Subject: Re: Suspecious DNS traffic On 25.03.13 16:59, babu dheen wrote: >

Re: Suspecious DNS traffic

2013-03-25 Thread Matus UHLAR - fantomas
On 25.03.13 16:59, babu dheen wrote:  I am able to query one of the PTR record available in my company BIND caching DNS server from internet(ANY IP address) successfully. As per your statement, If I am denying the response, how could I get response successfully? you must allow the packets from

Re: Suspecious DNS traffic

2013-03-25 Thread babu dheen
Andrews To: babu dheen Cc: "bind-users@lists.isc.org" Sent: Monday, 25 March 2013 12:33 AM Subject: Re: Suspecious DNS traffic In message <1364140396.42023.yahoomail...@web190806.mail.sg3.yahoo.com>, babu d heen writes: > > Dear, > > We have Caching DNS s

Re: Suspecious DNS traffic

2013-03-24 Thread Mark Andrews
In message <1364140396.42023.yahoomail...@web190806.mail.sg3.yahoo.com>, babu d heen writes: > > Dear, > > We have Caching DNS server and certain PTR record(reverse entry > verification purpose) only is allowed from internet. But I am observing > suspicious DNS traffic from my BIND caching DNS

Suspecious DNS traffic

2013-03-24 Thread babu dheen
Dear, We have Caching DNS server and certain PTR record(reverse entry verification purpose) only is allowed from internet. But I am observing suspicious DNS traffic from my BIND caching DNS server towards 67.215.80.15,67.215.80.13,207.192.69.4,67.227.239.85 IP address  on destination port 1033