Every so often (every few days or weeks), I get 2 straight hours of alarms
for packets attempting to come in on Port 53. There could be thousands of
these during the attack, coming in at the rate of 20 or so per minute. The
odd thing is, they appear to be coming from my ISP. I have a DNS server set
up for name resolution on the lan. Is there any way these packets could be
something I did, or should I shake down my ISP some more? 209.198.87.40 is
my ISP and the apparent sending address of all these packets. xxx.242 is
the external address of my DNS server (and my email server).
ALARM NO: 1
DATE: Wednesday, Oct 30, 2002
TIME: 14:16:03
INTERFACE: EXTERNAL (fxp1)
INTERFACE TYPE: External
ALARM TYPE: Block
IP PACKET: UDP [209.198.87.40/53]-->[xxx.xxx.xxx.242/30571] l=43
[clover.sover.net/domain]-->[mail.blablabla.com/30571]
DETAILED DESCRIPTION:
IP packet was rejected.
Thanks,
Ken Hewitt, MIS Manager
Nexus Custom Electronics, Brandon, VT
[EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
To subscribe to the digest version first unsubscribe, then
e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Archive of the last 1000 messages:
http://www.mail-archive.com/gb-users@;gta.com
