[Dshield] UDP packets dropped from DNS server

Gary Garrison garyg at fbtc.net
Sat Oct 27 17:51:21 GMT 2001


Of course, assuming Jeff's wkstn is resolving (most of the time),
it could be the ISP's DNS is a bit lethargic, allowing his f/w to time out.

fwiw,
Gary

-----Original Message-----
From: dshield-admin at dshield.org [mailto:dshield-admin at dshield.org] On Behalf Of John Groseclose
Sent: Saturday, October 27, 2001 9:36 AM
To: dshield at dshield.org
Subject: Re: [Dshield] UDP packets dropped from DNS server


At 9:37 AM -0400 10/27/01, Jeffrey Pike wrote:
>I'm relatively new to these issues, so forgive me if my
>questions have obvious answers. I have many lines like
>this in my firewall logs:
>
>10/23/2001 17:23:21.352 - UDP packet dropped -
>Source:216.20.63.145, 53, WAN -
>Destination:216.20.115.5, 9318, LAN -
>  	 - 	Rule 0
>
>The source address is my ISP's DNS server. The destination
>address is the firewall. Anything to worry about? What is
>indicated?

Port 53 is the DNS server.

In most parts of the world, it's considered moderately rude to ask a
question, then ignore the answer - which is what you're doing to that
poor DNS server. You're sending queries, then blocking the answers.
--
John Groseclose
iain at caradoc.org
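
Added example, not part of the original thread: a small triage script for drop entries in the format Jeffrey quoted, separating replies from the network's own resolver (the late or blocked answers both replies describe) from port-53 traffic sent by anyone else. It assumes each entry sits on one line; KNOWN_RESOLVERS, the labels and all sample lines except the first are constructed for illustration.

```python
import re
from collections import Counter

# Assumption: the resolvers this network is configured to query (address from the post).
KNOWN_RESOLVERS = {"216.20.63.145"}

# Matches the "UDP packet dropped" entry layout shown in the quoted firewall log.
LINE_RE = re.compile(
    r"(?P<ts>\d+/\d+/\d+ [\d:.]+) - UDP packet dropped - "
    r"Source:(?P<src>[\d.]+), (?P<sport>\d+), (?P<szone>\w+) - "
    r"Destination:(?P<dst>[\d.]+), (?P<dport>\d+), (?P<dzone>\w+)"
)

def classify(line):
    """Return (label, source_ip) for one drop entry, or None if it does not parse."""
    m = LINE_RE.search(" ".join(line.split()))  # collapse tabs and runs of spaces
    if not m:
        return None
    sport, dport = int(m["sport"]), int(m["dport"])
    # A reply to a client query comes from port 53 to an ephemeral port.
    if m["szone"] == "WAN" and sport == 53 and dport >= 1024:
        if m["src"] in KNOWN_RESOLVERS:
            return ("dns-reply-from-own-resolver", m["src"])
        return ("port-53-from-unknown-source", m["src"])
    return ("other-udp-drop", m["src"])

def summarize(lines):
    """Count drop entries per (label, source_ip); unparseable lines are skipped."""
    counts = Counter()
    for line in lines:
        result = classify(line)
        if result:
            counts[result] += 1
    return counts

# Sample entries: the first is the one quoted in the thread, the rest are constructed.
SAMPLE = [
    "10/23/2001 17:23:21.352 - UDP packet dropped - Source:216.20.63.145, 53, WAN - Destination:216.20.115.5, 9318, LAN -   \t - \tRule 0",
    "10/23/2001 17:23:24.101 - UDP packet dropped - Source:216.20.63.145, 53, WAN - Destination:216.20.115.5, 9321, LAN - - Rule 0",
    "10/23/2001 17:24:02.770 - UDP packet dropped - Source:192.0.2.77, 53, WAN - Destination:216.20.115.5, 4021, LAN - - Rule 0",
    "10/23/2001 17:24:09.015 - UDP packet dropped - Source:198.51.100.9, 4500, WAN - Destination:216.20.115.5, 137, LAN - - Rule 0",
    "10/23/2001 17:25:00.000 - Web site accessed - not a drop entry",
]

if __name__ == "__main__":
    for (label, src), n in summarize(SAMPLE).most_common():
        print(f"{n:3d}  {label:30s} {src}")
```

A high count in the first bucket points at the firewall's UDP timeout or rule set rather than at the resolver; entries in the second bucket are the ones to look at more closely.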
