Thanks.
Very clear and informative!!

More comments inline
> > I'm having a lot of denied packets on port 53, like this one:
> > Mar 14 13:46:13 tptrtr kernel: Packet log: input DENY eth0 PROTO=6 202.139.133.129:46069 200.45.110.178:53 L=44 S=0x00 I=0 F=0x0000 T=237 (#65)
> > The results of listing the rule are
> > # ipchains -nvL --line-numbers
> > 65     520 24564 DENY       all  ----l- 0xFF 0x00  eth0 0.0.0.0/0            0.0.0.0/0             n/a
> 
> This is the "catch all" rule, which blocks any inbound traffic on the
> external interface that hasn't explicitly been allowed.
Perfect!!!


> > Can anyone help figuring out what's wrong (or may be right) 
> The packets are TCP (protocol 6) with a source port of 46069 and a
> destination port of 53.  This is pretty weird.  Port 53 is 
> for DNS, but
> typically DNS queries only use UDP.  TCP packets to/from port 
> 53 *ARE* used
> to do zone transfers, and occasionally to transfer 
Funny thing is, I have a DNS server but I have disallowed zone transfers.
It's an internal caching DNS (W2K)

> particularly large DNS
> queries/responses.  The high source port number of 46069 
> would lead me to
> believe the remote end initiated the connection.
Why should this happen?? Any threat??
> 
> If you're not running a DNS server, I'd say the traffic is 
> some sort of scan
> or probe, and should be denied.  If you're actually running a 
> DNS server,
I DO (see above) but I (mis?)understand that if zone transfers are
not allowed (nor wanted) why will someone try to do a transfer to my
system??? Looking for bind??

> this traffic isn't so unusual...you should look into 
> references on packet
> filtering and securing your DNS server...if you simply drop 
> inbound TCP
> queries, you can cause delays in name resolution for your 
> domains, but fully
> securing DNS is beyond the scope of this e-mail, and your 
> original question.
Where and how?? Some pointers (links maybe?)

> HTH,
Helped a LOT!!!

Thanks Charles

Sergio
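
The log line discussed in this message, decoded field by field, as an added example that is not part of the original e-mail thread. The function names, the 1024 port threshold for "high source port", the optional `SYN` marker and the second sample line are assumptions made for illustration.

```python
import re

# ipchains "Packet log:" layout as it appears in the quoted log line:
# chain action iface PROTO=n src:port dst:port L= S= I= F= T= (#rule)
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ip_id>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)"
    r"(?P<syn> SYN)? \(#(?P<rule>\d+)\)"  # SYN marker: assumed optional field
)
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}

def parse(line):
    """Return the fields of one ipchains log line as a dict, or None."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "length", "ip_id", "ttl", "rule"):
        rec[key] = int(rec[key])
    rec["proto_name"] = PROTO_NAMES.get(rec["proto"], str(rec["proto"]))
    rec["syn"] = rec["syn"] is not None
    return rec

def describe(rec):
    """Triage note following the reasoning in the quoted reply."""
    if rec["dport"] == 53 and rec["proto_name"] == "tcp":
        # Assumed threshold: a source port >= 1024 suggests the remote end connected.
        side = "remote-initiated" if rec["sport"] >= 1024 else "origin unclear"
        return f"TCP to DNS port ({side}): zone transfer or large query/response"
    if rec["dport"] == 53 and rec["proto_name"] == "udp":
        return "ordinary UDP DNS query"
    return "not DNS"

SAMPLES = [
    # Taken from the message above, with the wrapped lines rejoined.
    "Mar 14 13:46:13 tptrtr kernel: Packet log: input DENY eth0 PROTO=6 "
    "202.139.133.129:46069 200.45.110.178:53 L=44 S=0x00 I=0 F=0x0000 T=237 (#65)",
    # Constructed for contrast, using documentation addresses.
    "Mar 14 13:47:02 tptrtr kernel: Packet log: input DENY eth0 PROTO=17 "
    "192.0.2.10:1031 198.51.100.5:53 L=58 S=0x00 I=4021 F=0x0000 T=52 (#65)",
]

if __name__ == "__main__":
    for rec in map(parse, SAMPLES):
        print(rec["src"], rec["sport"], "->", rec["dport"],
              "rule", rec["rule"], "|", describe(rec))
```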

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
