Yes this is my management server and yes I do have a domain object but it does not exist in the actual rule base. If I look at the log from last week I don't see as many domain-udp queries as I do now. Do you think that the firewall is doing a reverse lookup of all the IPs that the slammer worm was talking to?
Thanks, Will. -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Reinhard Stich Sent: 22 July 2004 20:45 To: [EMAIL PROTECTED] Subject: Re: [FW-1] Excessive DNS traffic between Firewall and internal DNS server. hi, is this your mgmt-server? it tries reverse-lookups of the IPs. or do you have a domain-object in your policy? than your firewall tries to check DNS every time it sees a new IP-address ... cheers reinhard At 18:42 22.07.2004, you wrote: >Hi, > >I've only recently installed a Firewall1 server on our network and am >worried about the excessive amount of DNS traffic going between my FW >and the internal DNS server. I only noticed this yesterday while >recovering from a SQL slammer attack which was launched from one of our >users laptops inside our network (user had just come back from holiday >and must have picked up a virus..) I'm now feeling a bit paranoid and >have noticed all this DNS traffic which wasn't as heavy last week. > >Any ideas? > >Thanks, > >Will. > > > >================================================= >To set vacation, Out-Of-Office, or away messages, >send an email to [EMAIL PROTECTED] >in the BODY of the email add: >set fw-1-mailinglist nomail >================================================= >To unsubscribe from this mailing list, >please see the instructions at >http://www.checkpoint.com/services/mailing.html >================================================= >If you have any questions on how to change your >subscription options, email >[EMAIL PROTECTED] >================================================= -- Reinhard Stich ASSIST [EMAIL PROTECTED] Internet Security AG, 1150 Wien, Johnstrasse 29 Tel: +43 1 3709440 RS784-RIPE Fax: +43 1 3709440-333 ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
