Firewall Wizards mailing list archives
Interesting DNS Traffic
From: "Andrew Fessler" <andrew () allegro net>
Date: Fri, 28 May 1999 21:49:29 -0500
I have seen some unusual things on my Cisco. I have some access-lists setup. I permit, SMTP, WWW, POP, IMAP, ECHO,ICMP and a few other ports as well as 1024-65535 for inbound. That theroetically should cover any inbound traffic. However, I see DNS requests and WWW requests come in where the souce port on the packet originates in the 800 range rather than the standard 1024-65535 range. Therefore the reply back is denied. Example. xxx.xxx.xxx.xxx (879) --> 204.253.83.10 (53) meaning a packet came in from the internet going to my DNS, however the source port of the packet was 879. I cant find any reason why they are having abnormal source ports, should I worry about this? Should I open the 800 range ports? Seems like opening my network more than I want to. TIA Andrew Fessler Allegro
Current thread:
- Interesting DNS Traffic Andrew Fessler (May 30)