[Dshield] UDP packets dropped from DNS server

John Groseclose iain at caradoc.org
Sat Oct 27 14:36:15 GMT 2001


At 9:37 AM -0400 10/27/01, Jeffrey Pike wrote:
>I'm relatively new to these issues, so forgive me if my
>questions have obvious answers. I have many lines like
>this in my firewall logs:
>
>10/23/2001 17:23:21.352 - UDP packet dropped -
>Source:216.20.63.145, 53, WAN -
>Destination:216.20.115.5, 9318, LAN -
>  	 - 	Rule 0
>
>The source address is my ISP's DNS server. The destination
>address is the firewall. Anything to worry about? What is
>indicated?

Port 53 is the DNS server.

In most parts of the world, it's considered moderately rude to ask a 
question, then ignore the answer - which is what you're doing to that 
poor DNS server. You're sending queries, then blocking the answers.
-- 
John Groseclose
iain at caradoc.org




More information about the list mailing list