[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] domain-tcp drops
Depending on what version of bind you are running and the size of the query results, the server could request the client to initiate a TCP connection, so it does not have to chop the data into several UDP packets. You might want to do some research on what the patterns for these connections are, as well as collect some packets and look at the data. Cheers. George -----Original Message----- From: Reed Mohn, Anders [mailto:[email protected]] Sent: Wednesday, August 22, 2001 5:31 AM To: 'y m'; [email protected] Subject: RE: [FW1] domain-tcp drops Could well be someoen trying to find a vulnerable DNS server, yes. We had similar stuff happening here, but traced it back to two causes: 1. An internal Win2K-PC was expecting to find a Dynamic DNS service at our DNS-servers address. This made it pour out frequent domain-tcp requests. 2. Our old ISP had forgotten to remove a reverse lookup (PTR) record for our network. This lead a lot of servers out there, trying to find a DNS at and old IP address of ours, to the name of one of our servers. This name was then resolved to one of our new IPs, which again received tonnes of DNS-requests. Cheers, Anders :) > In the firewall logs I see lot of domain-tcp drops > with source being as different IP Addresses and > Destination being our DNS server in DMZ . > The DNS server in DMZ is used for resolving external > domains . > Is this because people are trying to do domain > transfers or something else ? > > Thanks > > > __________________________________________________ > Do You Yahoo!? > Make international calls for as low as $.04/minute with > Yahoo! Messenger > http://phonecard.yahoo.com/ > > > ============================================================== > ================== > To unsubscribe from this mailing list, please see the > instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================== > ================== > ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== _____________________________________________________________________ IMPORTANT NOTICES: This message is intended only for the addressee. Please notify the sender by e-mail if you are not the intended recipient. If you are not the intended recipient, you may not copy, disclose, or distribute this message or its contents to any other person and any such actions may be unlawful. Banc of America Securities LLC("BAS") does not accept time sensitive, action-oriented messages or transaction orders, including orders to purchase or sell securities, via e-mail. BAS reserves the right to monitor and review the content of all messages sent to or from this e-mail address. Messages sent to or from this e-mail address may be stored on the BAS e-mail system. ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|