On Wed, 24 Oct 2001 [EMAIL PROTECTED] wrote:

> I see a lot of attempted udp connections to port 53 on my
> dns servers but the source is less than 1024. According
> to the O'Reilly book I shouldn't have to allow this.
> Source port is in the 600, 700, 800, 900 area. Should
> I be allowing this? Thanks.
Older resolvers (and resolvers set up by me) use 53 as a source port, so blocking everything under 1024 would be a bad move.

What are the queries for? What kind of query distribution do you get?

Also, check in conjunction with your proxy logs and outbound DNS; it may be that you're seeing traffic from load balancers attempting to figure out which site to send a user to based on either a DNS lookup or an HTTP connection.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
[EMAIL PROTECTED]       which may have no basis whatsoever in fact."

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
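One way to answer "what kind of query distribution do you get?" from firewall logs, added here as an example and not part of the original thread: it buckets inbound UDP/53 traffic by source port, keeping source port 53 (the old-resolver case Paul describes) separate from other ports below 1024, so the low-port sources can be checked against proxy logs rather than blocked wholesale. The netfilter-style log format, field names and addresses are constructed for the example.

```python
import re
from collections import Counter

# Constructed sample lines in a netfilter-style log format (assumed, not from the thread).
# Only UDP packets to destination port 53 are of interest; the TCP/80 line is there to be skipped.
SAMPLE_LOG = """\
Oct 24 10:01:02 fw kernel: IN=eth0 SRC=192.0.2.10 DST=198.51.100.53 PROTO=UDP SPT=53 DPT=53 LEN=64
Oct 24 10:01:03 fw kernel: IN=eth0 SRC=192.0.2.11 DST=198.51.100.53 PROTO=UDP SPT=712 DPT=53 LEN=60
Oct 24 10:01:04 fw kernel: IN=eth0 SRC=192.0.2.11 DST=198.51.100.53 PROTO=UDP SPT=845 DPT=53 LEN=61
Oct 24 10:01:05 fw kernel: IN=eth0 SRC=192.0.2.12 DST=198.51.100.53 PROTO=UDP SPT=33421 DPT=53 LEN=58
Oct 24 10:01:06 fw kernel: IN=eth0 SRC=192.0.2.12 DST=198.51.100.53 PROTO=UDP SPT=51873 DPT=53 LEN=59
Oct 24 10:01:07 fw kernel: IN=eth0 SRC=192.0.2.10 DST=198.51.100.53 PROTO=UDP SPT=53 DPT=53 LEN=66
Oct 24 10:01:08 fw kernel: IN=eth0 SRC=192.0.2.13 DST=198.51.100.80 PROTO=TCP SPT=4455 DPT=80 LEN=52
Oct 24 10:01:09 fw kernel: IN=eth0 SRC=192.0.2.14 DST=198.51.100.53 PROTO=UDP SPT=931 DPT=53 LEN=62
"""

# Source address and source port of UDP packets whose destination port is 53.
DNS_QUERY_RE = re.compile(r"SRC=(\S+) .*?PROTO=UDP SPT=(\d+) DPT=53\b")


def classify_source_port(spt):
    """Bucket a source port the way the thread reasons about it."""
    if spt == 53:
        return "resolver-on-53"      # older resolvers query from port 53 itself
    if spt < 1024:
        return "low-privileged"      # the 600-900 range the poster is seeing
    return "ephemeral"               # modern resolvers pick a high port


def source_port_distribution(log_text):
    """Return (overall bucket counts, per-source bucket counts) for UDP/53 queries."""
    overall = Counter()
    per_source = {}
    for line in log_text.splitlines():
        match = DNS_QUERY_RE.search(line)
        if not match:
            continue                 # not a UDP query to port 53; ignore
        src, spt = match.group(1), int(match.group(2))
        bucket = classify_source_port(spt)
        overall[bucket] += 1
        per_source.setdefault(src, Counter())[bucket] += 1
    return overall, per_source


def low_port_sources(per_source):
    """Sources sending from ports below 1024 other than 53: worth cross-checking with proxy logs."""
    return sorted(src for src, buckets in per_source.items() if buckets["low-privileged"])


if __name__ == "__main__":
    counts, by_source = source_port_distribution(SAMPLE_LOG)
    print(dict(counts))
    print("check these against proxy logs:", low_port_sources(by_source))
```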
