Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] NG AI and DNS drops

To: [email protected]
Subject: Re: [FW-1] NG AI and DNS drops
From: Edwin Davidson <[email protected]>
Date: Thu, 31 Jul 2003 14:35:13 -0500
Importance: Normal
In-reply-to: <[email protected]>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

>>Is 53/udp the _source_ or _destination_ port?
destination_ port


>>If 53/udp is the _destination_ port, then this has nothing to do with
>>queries timing out or anything like that.

Maybe my understanding of UDP DNS is incorrect.  Doesn't the request
go to the DNS server as a UDP QUERY, then a seperate UDP packet is
sent from the DNS server back to the requestor?


>>These are the usual random probes or more likely, that hideous noise from lame load balancing
>>software that all firewall admin have learned to love. (At least the
>>load balancing software now carries a PTR lookup on the destination IP
>>rather than the old version.bind lookup that would set off all of the
>>IDSs.)

Yea, I'm aware of these things.  I've complained about them before as I've got some
traffic that is just about non-stop coming from one company (& about 15 IP's)
I am thinking now that this is it.   You got me thinking, and I checked my rule
base.  Previously I didn't log DNS requests at all.  I had turned the logging of
this OFF specifically for this reason.  After the upgrade, it was turned back on.
The # of devices doing this has increased since last I logged DNS.

The mind is a curious thing.

Thanks;

Edwin Davidson



http://www.primeinc.com
**********************************************************************
This email and any files transmitted with it are confidential
and intended solely for the use of the individual or entity to
whom they are addressed.  If you have received this email
in error please reply to the sender of the message.

The views expressed in this correspondence may not
reflect the views of Prime, Inc.

This footnote also confirms that this email message has
been scanned for the presence of computer viruses.
**********************************************************************

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Follow-Ups:
- Re: [FW-1] NG AI and DNS drops
  - From: Crist Clark <[email protected]>

References:
- Re: [FW-1] NG AI and DNS drops
  - From: Crist Clark <[email protected]>

Prev by Date: [FW-1] secureremote docs?
Next by Date: Re: [FW-1] secureremote docs?
Previous by thread: Re: [FW-1] NG AI and DNS drops
Next by thread: Re: [FW-1] NG AI and DNS drops
Index(es):
- Date
- Thread