nanog mailing list archives
Even more unusual traffic
From: "Jesse Whyte" <jwhyte () mail state tn us>
Date: Mon, 19 Oct 1998 14:29:58 -0500
I apologize for sending three messages, but in the review of our access-list violations, I have discovered even more odd and unusual traffic... Oct 13 11:49:03 protecting.router.ip.address 46: %SEC-6-IPACCESSLOGP: list 102 denied udp 10.10.10.10(0) -> 20.20.20.20(0), 3 packets Oct 13 11:54:03 protecting.router.ip.address 48: %SEC-6-IPACCESSLOGP: list 102 denied udp 10.10.10.10(0) -> 20.20.20.20(0), 3 packets Oct 13 13:49:06 protecting.router.ip.address 50: %SEC-6-IPACCESSLOGP: list 102 denied udp 10.10.10.10(0) -> 20.20.20.20(0), 2 packets Oct 13 13:54:07 protecting.router.ip.address 52: %SEC-6-IPACCESSLOGP: list 102 denied udp 10.10.10.10(0) -> 20.20.20.20(0), 2 packets IANA lists port 0 as reserved (failing to note what it is reserved for), so why am I seeing this traffic in the wild? What is its function, both as a source port and a destination port? And more importantly, why is someone trying to access it on my primary DNS server? Your help is appreciated... Jesse Whyte Security Analyst Office of Information Resources State of Tennessee (615)741-8651
Current thread:
- Even more unusual traffic Jesse Whyte (Oct 19)
- Re: Even more unusual traffic Glen Turner (Oct 19)