Hi,

Since this morning (CET) I'm getting bursts of tcp packets from port 53
to unprivileged ports on my firewall. So far I've had four bursts of
this, each about 20 minutes long. They're all DENYed. I only let in
*udp* packets from port 53. I run a caching named on a RH 6.2+ (up to
date) PC inside the firewall.

AFAIK, there is no activity in my home network that could trigger this
traffic.

Here's an example:


May  3 20:11:29 odin kernel: Packet log: input DENY eth1 PROTO=6 192.12.94.30:53 192.168.0.2:62132 L=44 S=0x00 I=31680 F=0x0000 T=41 (#4)
May  3 20:11:29 odin kernel: Packet log: input DENY eth1 PROTO=6 213.177.194.5:53 192.168.0.2:62123 L=44 S=0x00 I=10156 F=0x0000 T=45 (#4)
May  3 20:11:29 odin kernel: Packet log: input DENY eth1 PROTO=6 213.177.194.5:53 192.168.0.2:62123 L=44 S=0x00 I=10374 F=0x0000 T=45 (#4)
May  3 20:11:29 odin kernel: Packet log: input DENY eth1 PROTO=6 192.12.94.30:53 192.168.0.2:62132 L=44 S=0x00 I=32049 F=0x0000 T=41 (#4)
May  3 20:11:29 odin kernel: Packet log: input DENY eth1 PROTO=6 192.42.93.30:53 192.168.0.2:62138 L=44 S=0x00 I=39793 F=0x0000 T=42 (#4)
May  3 20:11:29 odin kernel: Packet log: input DENY eth1 PROTO=6 193.252.19.4:53 192.168.0.2:62110 L=52 S=0x00 I=23351 F=0x4000 T=245 (#4)
May  3 20:11:30 odin kernel: Packet log: input DENY eth1 PROTO=6 192.31.80.30:53 192.168.0.2:62133 L=44 S=0x00 I=40962 F=0x0000 T=41 (#4)

Has anyone else noticed the same? This is an absolutely new experience
for me.

What would make external DNS servers start sending me tcp packets?

Regards
Gustav

-- 
pgp = Pretty Good Privacy.

To get my public pgp key, send an e-mail to: [EMAIL PROTECTED]

Visit my web site at http://www.schaffter.com
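
A parser for the ipchains packet-log format quoted in the message above, added here as an example and not part of the original post: it tolerates records that a mail client has wrapped across lines and tallies DENYed TCP packets from source port 53 per remote server and local port. The function names are hypothetical, and the optional SYN token in the pattern is an assumption about kernels that log it.

```python
import re
from collections import Counter

# Subset of the post's log lines, wrapped here as a mail client would wrap them.
SAMPLE = """\
May  3 20:11:29 odin kernel: Packet log: input DENY eth1 PROTO=6
192.12.94.30:53 192.168.0.2:62132 L=44 S=0x00 I=31680 F=0x0000 T=41 (#4)
May  3 20:11:29 odin kernel: Packet log: input DENY eth1 PROTO=6
213.177.194.5:53 192.168.0.2:62123 L=44 S=0x00 I=10156 F=0x0000 T=45
(#4)
May  3 20:11:29 odin kernel: Packet log: input DENY eth1 PROTO=6
192.12.94.30:53 192.168.0.2:62132 L=44 S=0x00 I=32049 F=0x0000 T=41 (#4)
May  3 20:11:29 odin kernel: Packet log: input DENY eth1 PROTO=6
193.252.19.4:53 192.168.0.2:62110 L=52 S=0x00 I=23351 F=0x4000 T=245
(#4)
"""

# \s+ between fields lets one record span a wrapped line break.
RECORD = re.compile(
    r"Packet log:\s+(?P<chain>\S+)\s+(?P<action>\S+)\s+(?P<iface>\S+)\s+"
    r"PROTO=(?P<proto>\d+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+L=(?P<length>\d+)\s+S=(?P<tos>0x[0-9A-Fa-f]+)\s+"
    r"I=(?P<ipid>\d+)\s+F=(?P<frag>0x[0-9A-Fa-f]+)\s+T=(?P<ttl>\d+)"
    r"(?:\s+(?P<syn>SYN))?\s+\(#(?P<rule>\d+)\)"
)

def parse(text):
    """Return one dict per ipchains packet-log record found in text."""
    records = []
    for m in RECORD.finditer(text):
        r = m.groupdict()
        for key in ("proto", "sport", "dport", "length", "ipid", "ttl", "rule"):
            r[key] = int(r[key])
        r["df"] = bool(int(r["frag"], 16) & 0x4000)  # Don't Fragment bit in F=
        r["syn"] = r["syn"] is not None  # assumption: kernel appends SYN for pure SYNs
        records.append(r)
    return records

def denied_tcp_from_53(records):
    """Count DENYed TCP (PROTO=6) packets with source port 53 per (source, local port)."""
    flows = Counter()
    for r in records:
        if r["action"] == "DENY" and r["proto"] == 6 and r["sport"] == 53:
            flows[(r["src"], r["dport"])] += 1
    return flows

if __name__ == "__main__":
    for (src, dport), n in denied_tcp_from_53(parse(SAMPLE)).most_common():
        print(f"{src}:53 -> local port {dport}: {n} packet(s)")
```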


