
RE: [FW1] domain-tcp drops



Depending on what version of BIND you are running and the size of the query
results, the server could request the client to initiate a TCP connection, so
it does not have to chop the data into several UDP packets.
You might want to do some research on what the patterns for these connections
are, as well as collect some packets and look at the data.

Cheers.
George

 -----Original Message-----
From: 	Reed Mohn, Anders [mailto:[email protected]] 
Sent:	Wednesday, August 22, 2001 5:31 AM
To:	'y m'; [email protected]
Subject:	RE: [FW1] domain-tcp drops




Could well be someone trying to find a vulnerable DNS server, yes.

We had similar stuff happening here, but traced it back to
two causes:

1. An internal Win2K PC was expecting to find a Dynamic DNS
service at our DNS server's address. This made it pour out
frequent domain-tcp requests.

2. Our old ISP had forgotten to remove a reverse lookup (PTR)
record for our network. This led a lot of servers out there, trying
to find a DNS at an old IP address of ours, to the name of
one of our servers. This name was then resolved to one of our new IPs,
which again received tonnes of DNS requests.

Cheers,
Anders :)



> In the firewall logs I see a lot of domain-tcp drops
> with the source being different IP addresses and the
> destination being our DNS server in the DMZ.
> The DNS server in the DMZ is used for resolving external
> domains.
> Is this because people are trying to do domain
> transfers or something else?
> 
> Thanks
> 
> 
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================
> 
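Added example, not part of the original thread: a sketch of the "collect some packets and look at the data" step, telling a truncated UDP response (TC bit set, so the client retries over TCP) apart from a zone-transfer request arriving on TCP/53. Function names are hypothetical and the sample messages are constructed by `build()`, not captured traffic.

```python
import struct

# DNS header flag bits (RFC 1035) and a few query types of interest.
QR, TC = 0x8000, 0x0200
QTYPES = {1: "A", 12: "PTR", 16: "TXT", 251: "IXFR", 252: "AXFR"}

def parse_question(msg):
    """Return (flags, qname, qtype) from the header and first question."""
    if len(msg) < 12:
        raise ValueError("shorter than a DNS header")
    _id, flags, qdcount = struct.unpack("!3H", msg[:6])
    if qdcount < 1:
        raise ValueError("no question section")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated question name")
        n = msg[pos]
        if n == 0:
            break
        if n & 0xC0:
            raise ValueError("compression pointer in question name")
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii", "replace"))
        pos += 1 + n
    if pos + 3 > len(msg):
        raise ValueError("missing QTYPE")
    (qtype,) = struct.unpack("!H", msg[pos + 1:pos + 3])
    return flags, ".".join(labels), qtype

def udp_response_forces_tcp(msg):
    """True when a UDP response has TC set, so the client retries over TCP."""
    flags, _name, _qtype = parse_question(msg)
    return bool(flags & QR) and bool(flags & TC)

def classify_tcp_payload(stream):
    """Classify the first message of a TCP/53 stream (2-byte length prefix)."""
    (length,) = struct.unpack("!H", stream[:2])
    msg = stream[2:2 + length]
    if len(msg) != length:
        raise ValueError("incomplete DNS message in stream")
    _flags, name, qtype = parse_question(msg)
    kind = "zone-transfer" if qtype in (251, 252) else "ordinary-query"
    return kind, name, QTYPES.get(qtype, str(qtype))

def build(qname, qtype, flags):
    """Construct a sample DNS message (constructed data, not a capture)."""
    q = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".")) + b"\0"
    return struct.pack("!6H", 0x1234, flags, 1, 0, 0, 0) + q + struct.pack("!2H", qtype, 1)

def frame(msg):
    """Add the 2-byte length prefix DNS uses over TCP."""
    return struct.pack("!H", len(msg)) + msg
```
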
   All contents © 2004 Network Presence, LLC. All rights reserved.