Following Chapman & Zwicky, I've set up our firewalls to allow UDP traffic from port 53 to port 53, and both TCP and UDP traffic between high ports and port 53 on either side. My documentation seems to be out of date, since I get traffic from low ports to 53. Most of these are from unsuspected sites, like the .nl root server or large corporations. May 10 13:03:50 banzai kernel: Packet log: INlog REJECT eth0 PROTO=17 193.173.78.199:606 194.109.214.3:53 L=61 S=0x00 I=30400 F=0x0000 T=120 (#1) May 10 13:30:48 banzai kernel: Packet log: INlog REJECT eth0 PROTO=17 195.240.13.3:940 194.109.214.3:53 L=68 S=0x00 I=24765 F=0x0000 T=120 (#1) May 10 13:30:48 banzai kernel: Packet log: INlog REJECT eth0 PROTO=17 193.173.78.199:977 194.109.214.3:53 L=68 S=0x00 I=59766 F=0x0000 T=120 (#1) Can anybody enlighten me what's going on here? -- *** Guido A.J. Stevens *** mailto:[EMAIL PROTECTED] *** *** Net Facilities Group *** tel:+31.43.3618933 *** *** Postbus 1143 *** fax:+31.43.3560502 *** *** 6201 BC Maastricht *** http://www.nfg.nl *** Too many believe liberty will take care of itself. [Lessig, ISBN 0-465-03912-X, p. 58] - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
