[Dshield] UDP packets dropped from DNS server

Johannes B. Ullrich jullrich at euclidian.com
Mon Oct 29 00:48:47 GMT 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Most likely, you have your firewall configured wrong. This looks like a 
DNS reply, in particular as you say the source is your ISP's DNS server.

> 10/23/2001 17:23:21.352 - UDP packet dropped -
> Source:216.20.63.145, 53, WAN -
> Destination:216.20.115.5, 9318, LAN -
>  	 - 	Rule 0
> 
> The source address is my ISP's DNS server. The destination
> address is the firewall. Anything to worry about? What is
> indicated?
> 

- -- 
- -------
jullrich at sans.org                    Join http://www.DShield.org
                          Distributed Intrusion Detection System

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE73KdxVOIizK5pIDMRAvK2AKDyYK2DlMjRlKEbafWkrnIq4K7z8QCgqMUV
ruLhR0NF0SlkeouuVmnxTIw=
=XSBr
-----END PGP SIGNATURE-----




More information about the list mailing list