DJ:
I've updated the advice.txt file at:
www.echogent.com/cgi-bin/fwlog.pl
...so that it correctly reports on these packets that you're
seeing. Quick answer: it's a terribly sloppy type of load-balancing,
not a DNS attack. If the SYN flag were set, I'd be much more worried.
If your LEAF box is not running a DNS server, you can safely block
without logging any TCP packets that arrive destined for your port 53.
I think I'll add this to the upcoming update to echowall, akshally...
cheers,
Scott
---Original Message---
Apr 14 23:00:57 firewall kernel: Packet log: input DENY eth0 PROTO=6
128.121.10.146:56666 X.X.X.X:53 L=44 S=0x00 I=0 F=0x0000 T=246 (#48)
This is what my log says. Only it's repeated 800 times in 1 day.
With various IPs. I only noticed the problem when I could not
access my own website or email.
Is there any way to stop or block this?
I have been using LEAF for about six months and it has been great.
Thanks
_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
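
Added example, not part of the original thread: a small parser for the "Packet log" format quoted above that separates denied TCP/53 packets into SYN (real connection attempts) and non-SYN, which is the distinction the reply draws. It assumes the kernel marks SYN packets with " SYN" before the "(#rule)" field; every sample line except the first is constructed.

```python
import re
from collections import Counter

# Layout of the "Packet log" entry quoted in the thread.
# Assumption: a TCP packet with SYN set is logged with " SYN" before "(#rule)".
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+)\s+"
    r"(?P<src>[\w.]+):(?P<sport>\d+)\s+(?P<dst>[\w.]+):(?P<dport>\d+)\s+"
    r"L=(?P<length>\d+) S=\S+ I=\d+ F=\S+ T=(?P<ttl>\d+)"
    r"(?P<syn> SYN)? \(#(?P<rule>\d+)\)"
)

def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "length", "ttl", "rule"):
        rec[key] = int(rec[key])
    rec["syn"] = rec["syn"] is not None
    return rec

def summarize_tcp53(lines):
    """Count denied TCP (PROTO=6) packets to port 53 per source, split by SYN marker."""
    syn, other = Counter(), Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["proto"] == 6 and rec["dport"] == 53:
            (syn if rec["syn"] else other)[rec["src"]] += 1
    return {"syn": syn, "non_syn": other}

# First entry is the line from the thread (re-joined); the rest are constructed.
PREFIX = "Apr 14 23:01:00 firewall kernel: Packet log: input DENY eth0 "
SAMPLE = [
    "Apr 14 23:00:57 firewall kernel: Packet log: input DENY eth0 PROTO=6 "
    "128.121.10.146:56666 X.X.X.X:53 L=44 S=0x00 I=0 F=0x0000 T=246 (#48)",
    PREFIX + "PROTO=6 192.0.2.10:40000 X.X.X.X:53 L=44 S=0x00 I=0 F=0x0000 T=240 (#48)",
    PREFIX + "PROTO=6 198.51.100.7:1042 X.X.X.X:53 L=60 S=0x00 I=4211 F=0x4000 T=52 SYN (#48)",
    PREFIX + "PROTO=17 192.0.2.10:1030 X.X.X.X:53 L=61 S=0x00 I=77 F=0x0000 T=50 (#48)",
    PREFIX + "PROTO=6 192.0.2.99:2200 X.X.X.X:80 L=40 S=0x00 I=9 F=0x0000 T=60 (#48)",
]

if __name__ == "__main__":
    result = summarize_tcp53(SAMPLE)
    print("non-SYN TCP/53 by source:", dict(result["non_syn"]))
    print("SYN TCP/53 by source:    ", dict(result["syn"]))
```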