DNS filters
Following Chapman & Zwicky, I've set up our firewalls to allow UDP
traffic from port 53 to port 53, and both TCP and UDP traffic between
high ports and port 53 on either side.
My documentation seems to be out of date, since I get traffic from low
ports to 53. Most of these are from unsuspected sites, like the .nl
root server or large corporations.
May 10 13:03:50 banzai kernel: Packet log: INlog REJECT eth0 PROTO=17
193.173.78.199:606 194.109.214.3:53 L=61 S=0x00 I=30400 F=0x0000 T=120 (#1)
May 10 13:30:48 banzai kernel: Packet log: INlog REJECT eth0 PROTO=17
195.240.13.3:940 194.109.214.3:53 L=68 S=0x00 I=24765 F=0x0000 T=120 (#1)
May 10 13:30:48 banzai kernel: Packet log: INlog REJECT eth0 PROTO=17
193.173.78.199:977 194.109.214.3:53 L=68 S=0x00 I=59766 F=0x0000 T=120 (#1)
Can anybody enlighten me as to what's going on here?
--
*** Guido A.J. Stevens *** mailto:gyst@nfg.nl ***
*** Net Facilities Group *** tel:+31.43.3618933 ***
*** Postbus 1143 *** fax:+31.43.3560502 ***
*** 6201 BC Maastricht *** http://www.nfg.nl ***
Too many believe liberty will take care of itself.
[Lessig, ISBN 0-465-03912-X, p. 58]
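
An added example, not part of the original post: a small parser for the kernel packet-log entries quoted above that checks each rejected packet against the rule set the post describes and reports why no allow rule matched. The cut-off of 1024 for "high ports" and all function names are assumptions of this example.

```python
import re

# The three rejected packets quoted in the post, each wrapped entry joined
# back onto one line (values are the post's own, layout is constructed).
LOG = """\
May 10 13:03:50 banzai kernel: Packet log: INlog REJECT eth0 PROTO=17 193.173.78.199:606 194.109.214.3:53 L=61 S=0x00 I=30400 F=0x0000 T=120 (#1)
May 10 13:30:48 banzai kernel: Packet log: INlog REJECT eth0 PROTO=17 195.240.13.3:940 194.109.214.3:53 L=68 S=0x00 I=24765 F=0x0000 T=120 (#1)
May 10 13:30:48 banzai kernel: Packet log: INlog REJECT eth0 PROTO=17 193.173.78.199:977 194.109.214.3:53 L=68 S=0x00 I=59766 F=0x0000 T=120 (#1)
"""

# Field layout of the kernel "Packet log:" lines shown in the post.
ENTRY = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) .*\(#(?P<rule>\d+)\)")

TCP, UDP, DNS = 6, 17, 53
HIGH = 1024  # assumption: "high ports" means 1024 and above

def parse(line):
    """Return the entry's fields as a dict, or None if the line does not match."""
    m = ENTRY.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "rule"):
        rec[key] = int(rec[key])
    return rec

def verdict(proto, sport, dport):
    """Apply the rule set the post describes and say which rule, if any, fits."""
    if proto == UDP and sport == DNS and dport == DNS:
        return "allow: UDP 53 -> 53"
    if proto in (TCP, UDP) and ((sport >= HIGH and dport == DNS) or
                                (sport == DNS and dport >= HIGH)):
        return "allow: high port <-> 53"
    if dport == DNS and sport < HIGH:
        return f"reject: low source port {sport} -> 53 matches no allow rule"
    return "reject: not covered by the DNS rules"

def audit(log):
    """Pair every parsed entry with the reason the described policy gives."""
    recs = [r for r in map(parse, log.splitlines()) if r]
    return [(r["src"], r["sport"], verdict(r["proto"], r["sport"], r["dport"]))
            for r in recs]

if __name__ == "__main__":
    for src, sport, why in audit(LOG):
        print(f"{src:16} sport={sport:<5} {why}")
```
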