[Dshield] UDP packets dropped from DNS server

Chan, Stephen (TIS, Singapore) stephen_chan at sg.ml.com
Mon Oct 29 01:35:56 GMT 2001


Hi Jeff, I'm not sure what sort of firewall you are using, but it looks to me
like either

1. Your network latency is too high to the DNS server and the firewall
failed to realize that this is the reply from an earlier conversation with
216.20.115.5

- or -

2. Your firewall does not handle stateful inspection, meaning it looks at
each packet on its own and does not build a "big picture" of what's been going
on so far.

Any firewall that is worth the box it came in should do stateful
inspection. However, if you are using something like Cisco router IOS ACLs,
then this has to be done manually.

Opening port 9318 or any high port (>1024) is not recommended. In any case,
this is a dynamically assigned port on your workstation.

Hope I make sense to you :-)




-----Original Message-----
From: Jeffrey Pike [mailto:jpike at gpl.org]
Sent: Saturday, October 27, 2001 9:37 PM
To: dshield at dshield.org
Subject: [Dshield] UDP packets dropped from DNS server


I'm relatively new to these issues, so forgive me if my
questions have obvious answers. I have many lines like
this in my firewall logs:

10/23/2001 17:23:21.352 - UDP packet dropped -
Source:216.20.63.145, 53, WAN -
Destination:216.20.115.5, 9318, LAN -
- Rule 0

The source address is my ISP's DNS server. The destination
address is the firewall. Anything to worry about? What is
indicated?

Thank-you,
Jeffrey Pike
Technical Services Librarian
Groton Public Library
Groton, MA
jpike at gpl.org

_______________________________________________
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:
http://www1.dshield.org/mailman/listinfo/dshield
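The distinction Stephen draws above, a stateless filter that judges each packet on its own versus a stateful one that remembers the outbound DNS query and admits only its reply before the state entry expires, as an added example. This is not code from either poster or from any firewall product; it is a toy filter written for this page. It parses the drop-log format shown in Jeffrey's message, treats 216.20.115.5 as the LAN host that sent the query (no NAT is modelled), and uses a constructed 30-second UDP state timeout and constructed packet timings. The "late reply" and "unsolicited packet" cases correspond to Stephen's explanation 1 and to his warning against opening port 9318.

```python
"""Stateless vs stateful handling of a DNS reply (added example, not from the
original posts).  The log line, timings, 30 s UDP timeout and the assumption
that the LAN destination is also the host that sent the query are all
constructed for the demonstration."""
import re
from dataclasses import dataclass

# Matches the drop-log format quoted in the list post.
LOG_RE = re.compile(
    r"(?P<date>\S+) (?P<time>\S+) - UDP packet dropped - "
    r"Source:(?P<src>[\d.]+), (?P<sport>\d+), (?P<sif>\w+) - "
    r"Destination:(?P<dst>[\d.]+), (?P<dport>\d+), (?P<dif>\w+)"
)

@dataclass(frozen=True)
class Packet:
    t: float        # seconds, relative to the start of the scenario
    src: str
    sport: int
    dst: str
    dport: int
    inbound: bool   # True = arrived on the WAN side, heading for the LAN

def parse_drop_log(line, t=0.0):
    """Turn one firewall drop line into a Packet (time is supplied by caller)."""
    m = LOG_RE.search(line)
    if not m:
        raise ValueError("unrecognised log line")
    return Packet(t, m["src"], int(m["sport"]), m["dst"], int(m["dport"]),
                  inbound=(m["sif"] == "WAN"))

class StatelessFilter:
    """Plain ACL behaviour: inbound UDP is allowed only if its destination
    port is on an explicit allow list; nothing else is remembered."""
    def __init__(self, open_ports=()):
        self.open_ports = set(open_ports)

    def allow(self, pkt):
        if not pkt.inbound:
            return True
        return pkt.dport in self.open_ports

class StatefulFilter:
    """Remembers each outbound UDP flow and admits only the mirror-image
    reply, and only while the entry has not timed out."""
    def __init__(self, udp_timeout=30.0):   # constructed timeout value
        self.udp_timeout = udp_timeout
        self.pending = {}   # 4-tuple of the expected reply -> expiry time

    def allow(self, pkt):
        if not pkt.inbound:
            # The reply we expect has src/dst and ports swapped.
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
            self.pending[key] = pkt.t + self.udp_timeout
            return True
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        expiry = self.pending.pop(key, None)   # one query, one reply
        if expiry is None:
            return False        # no matching query: unsolicited, drop
        if pkt.t > expiry:
            return False        # matching query, but reply arrived too late
        return True

# The line from the list post, used as constructed input.
LOG_LINE = ("10/23/2001 17:23:21.352 - UDP packet dropped - "
            "Source:216.20.63.145, 53, WAN - Destination:216.20.115.5, 9318, LAN - Rule 0")

def run_scenarios():
    reply = parse_drop_log(LOG_LINE, t=0.2)
    # Assumed outbound query that would have produced this reply.
    query = Packet(0.0, reply.dst, reply.dport, reply.src, reply.sport, inbound=False)
    late_reply = Packet(45.0, reply.src, reply.sport, reply.dst, reply.dport, inbound=True)
    unsolicited = Packet(1.0, reply.src, reply.sport, reply.dst, reply.dport, inbound=True)

    results = {}
    f = StatelessFilter()
    f.allow(query)
    results["stateless_drops_reply"] = not f.allow(reply)

    f = StatelessFilter(open_ports={9318})          # the "just open the port" fix
    results["open_port_admits_unsolicited"] = f.allow(unsolicited)

    f = StatefulFilter()
    f.allow(query)
    results["stateful_admits_reply"] = f.allow(reply)
    results["stateful_drops_replay"] = not f.allow(reply)   # entry already consumed

    f = StatefulFilter()
    f.allow(query)
    results["stateful_drops_late_reply"] = not f.allow(late_reply)   # explanation 1

    f = StatefulFilter()
    results["stateful_drops_unsolicited"] = not f.allow(unsolicited)
    return results

if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name:32s} {outcome}")
```

The last two scenarios are the practical point: a stateful filter drops the same 216.20.63.145:53 to 216.20.115.5:9318 packet whenever it cannot tie it to a recent outbound query, whether because the reply was slow or because nothing on the LAN asked, while a stateless filter with 9318 opened accepts any packet aimed at that port.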

