> All these are blocked by rule #42. What is that rule?
> These log messages are from strange hosts. 80% of them don't
> resolve to a real hostname. All the packets you listed are
> tcp packets with no SYN flag, meaning they are theoretically
> responses to some tcp dns request your machine made. Because
> they are all response packets, I'm not sure what's going on.
> I don't know why you're getting responses from so many odd
> computers. The other strange thing, is that I would expect
> your firewall rules to allow response to outgoing TCP DNS requests.
> That's why I want to see rule 42.
>
> ipchains -L > /tmp/myrules
> vi /tmp/myrules, find line 42, and post it.

Here is the rule. My ruleset is standard Dachstein with only a couple of additions:

42 2795 124K DENY all ----l- 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 n/a

Searching the Internet turns up a number of scripts that scan port 53 for Bind.

Let me know what you think.

Sean

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
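
Added example (not part of the original message or of the Dachstein ruleset): a Python triage of ipchains "Packet log:" lines for one rule number. It separates the TCP packets without SYN coming from source port 53, as discussed in the thread, from SYN packets aimed at port 53. The log layout is assumed to follow the IPCHAINS-HOWTO; the sample lines, the host name "fw" and all addresses are constructed.

```python
import re
from collections import Counter

# Layout per the IPCHAINS-HOWTO: chain, target, interface, PROTO=n,
# src:port, dst:port, ..., T=ttl, optional "SYN", optional "(#rule)".
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) .*?T=\d+"
    r"(?P<syn> SYN)?(?: \(#(?P<rule>\d+)\))?\s*$")

# Constructed sample lines (documentation addresses, made-up host "fw").
SAMPLE = """\
Jan 10 03:12:01 fw kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.7:53 192.0.2.10:1031 L=40 S=0x00 I=4021 F=0x0000 T=240 (#42)
Jan 10 03:12:04 fw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.9:53 192.0.2.10:1031 L=40 S=0x00 I=911 F=0x0000 T=238 (#42)
Jan 10 03:12:09 fw kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.7:53 192.0.2.10:1044 L=40 S=0x00 I=4077 F=0x0000 T=240 (#42)
Jan 10 03:13:30 fw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.50:2210 192.0.2.10:53 L=60 S=0x00 I=77 F=0x4000 T=51 SYN (#42)
Jan 10 03:14:02 fw kernel: Packet log: input DENY eth0 PROTO=17 203.0.113.50:4000 192.0.2.10:137 L=78 S=0x00 I=80 F=0x0000 T=110 (#17)
"""

def parse(line):
    """Return the fields of one packet-log line, or None if it is not one."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    return {"src": m["src"], "proto": int(m["proto"]),
            "sport": int(m["sport"]), "dport": int(m["dport"]),
            "syn": m["syn"] is not None,
            "rule": int(m["rule"]) if m["rule"] else None}

def classify(pkt):
    """Label a packet by protocol, SYN flag and which side is port 53."""
    if pkt["proto"] != 6:
        return "non-tcp"
    if pkt["syn"]:
        return "tcp-syn-to-53" if pkt["dport"] == 53 else "tcp-syn"
    return "tcp-nosyn-from-53" if pkt["sport"] == 53 else "tcp-nosyn"

def summarize(text, rule):
    """Count packet classes logged by `rule`, plus sources of non-SYN port-53 TCP."""
    classes, sources = Counter(), Counter()
    for pkt in filter(None, map(parse, text.splitlines())):
        if pkt["rule"] == rule:
            label = classify(pkt)
            classes[label] += 1
            if label == "tcp-nosyn-from-53":
                sources[pkt["src"]] += 1
    return classes, sources
```

Calling summarize() on the saved kernel log text with rule 42 gives the per-class counts and the list of sources sending response-like packets, which is the split the quoted reply is asking about.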