----- Original Message -----
From: "Charles Steinkuehler" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, September 27, 2001 7:38 PM
Subject: Dachstein-pr3 available


> Dachstein pr3 is now available in the usual location:
> http://lrp.steinkuehler.net/files/diskimages/dachstein/
>
> There are two main changes:  A major bug with port-forwarded DMZ setups was
> fixed, and I have added the lrpStat application to weblet.

Charles,

that's great.  All the dmz problems appear to have gone away, and everything
seems to be working as it should.  Thanks very much.

I do have one niggle though.  My logs have quickly filled up with this sort
of thing...

Sep 27 23:45:02 glenmore kernel: Packet log: input DENY eth0 PROTO=6 203.208.128.70:35587 213.105.191.213:53 L=44 S=0x00 I=0 F=0x0000 T=242 (#47)
Sep 27 23:45:02 glenmore kernel: Packet log: input DENY eth0 PROTO=6 202.139.133.129:56100 213.105.191.213:53 L=44 S=0x00 I=0 F=0x0000 T=239 (#47)
Sep 27 23:45:02 glenmore kernel: Packet log: input DENY eth0 PROTO=6 203.194.166.182:43201 213.105.191.213:53 L=44 S=0x00 I=0 F=0x0000 T=232 (#47)
Sep 27 23:45:02 glenmore kernel: Packet log: input DENY eth0 PROTO=6 203.208.128.70:35613 213.105.191.213:53 L=44 S=0x00 I=0 F=0x0000 T=242 (#47)


I realise that these are tcp packets inbound to my dns port (53), but they
don't appear to be from the dns root-servers (which was the case last time
something like this happened).  I seem to remember a thread on either this,
or the linux-router list that discussed something like this a little while
ago. If I remember correctly, the conclusion was that it was down to some
flakey sort of load-balancing system, but I could be wrong on that.  I
searched the lists on geocrawler, but I couldn't turn up what I was looking
for.

I just want to check if I'm better opening up tcp_port_53, or simply
silently denying all these packets?  If I deny them, isn't there a
possibility of certain dns queries failing if the response is too large?  If
I open the port, do I leave myself in a more insecure position, given that I
(think I) have a program that is listening on this port, i.e. dnscache?

cheers

tim




_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
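
Added example, not part of the original message or of Dachstein: a small Python parser for the ipchains "Packet log" entries quoted above, grouping denied packets by target, protocol and destination port so the number of distinct sources is visible at a glance. The function names and the SAMPLE constant are assumptions made for this illustration; the sample lines are the four entries from the message, rejoined onto one line each.

```python
import re
from collections import defaultdict

# ipchains "Packet log" layout: chain, target, interface, IP protocol number,
# source, destination, L=total length, S=TOS, I=IP id, F=fragment field,
# T=TTL and, where present, the number of the matching rule.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ipid>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)(?: \(#(?P<rule>\d+)\))?"
)
INT_FIELDS = ("proto", "sport", "dport", "length", "ipid", "ttl", "rule")

# The four entries quoted in the message, each rejoined onto one line.
SAMPLE = """\
Sep 27 23:45:02 glenmore kernel: Packet log: input DENY eth0 PROTO=6 203.208.128.70:35587 213.105.191.213:53 L=44 S=0x00 I=0 F=0x0000 T=242 (#47)
Sep 27 23:45:02 glenmore kernel: Packet log: input DENY eth0 PROTO=6 202.139.133.129:56100 213.105.191.213:53 L=44 S=0x00 I=0 F=0x0000 T=239 (#47)
Sep 27 23:45:02 glenmore kernel: Packet log: input DENY eth0 PROTO=6 203.194.166.182:43201 213.105.191.213:53 L=44 S=0x00 I=0 F=0x0000 T=232 (#47)
Sep 27 23:45:02 glenmore kernel: Packet log: input DENY eth0 PROTO=6 203.208.128.70:35613 213.105.191.213:53 L=44 S=0x00 I=0 F=0x0000 T=242 (#47)
"""

def parse_line(line):
    """Return one log entry as a dict, or None if the line is not a packet log."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in INT_FIELDS:
        if rec[key] is not None:
            rec[key] = int(rec[key])
    return rec

def summarize(text):
    """Group entries by (target, IP protocol, destination port)."""
    groups = defaultdict(lambda: {"packets": 0, "sources": set(), "lengths": set()})
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip anything that is not an ipchains packet log entry
        g = groups[(rec["target"], rec["proto"], rec["dport"])]
        g["packets"] += 1
        g["sources"].add(rec["src"])
        g["lengths"].add(rec["length"])
    return dict(groups)

if __name__ == "__main__":
    for (target, proto, dport), g in summarize(SAMPLE).items():
        print(target, "proto", proto, "dport", dport, "packets", g["packets"],
              "sources", sorted(g["sources"]), "lengths", sorted(g["lengths"]))
```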