[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] NG AI and DNS drops
>>Is 53/udp the _source_ or _destination_ port? destination_ port >>If 53/udp is the _destination_ port, then this has nothing to do with >>queries timing out or anything like that. Maybe my understanding of UDP DNS is incorrect. Doesn't the request go to the DNS server as a UDP QUERY, then a seperate UDP packet is sent from the DNS server back to the requestor? >>These are the usual random probes or more likely, that hideous noise from lame load balancing >>software that all firewall admin have learned to love. (At least the >>load balancing software now carries a PTR lookup on the destination IP >>rather than the old version.bind lookup that would set off all of the >>IDSs.) Yea, I'm aware of these things. I've complained about them before as I've got some traffic that is just about non-stop coming from one company (& about 15 IP's) I am thinking now that this is it. You got me thinking, and I checked my rule base. Previously I didn't log DNS requests at all. I had turned the logging of this OFF specifically for this reason. After the upgrade, it was turned back on. The # of devices doing this has increased since last I logged DNS. The mind is a curious thing. Thanks; Edwin Davidson http://www.primeinc.com ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please reply to the sender of the message. The views expressed in this correspondence may not reflect the views of Prime, Inc. This footnote also confirms that this email message has been scanned for the presence of computer viruses. ********************************************************************** ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|