Firewall Wizards mailing list archives
Router is doing DNS all on it's own....
From: Don Kendrick <don () netspys com>
Date: Mon, 27 Aug 2001 16:41:32 -0400
Greetings all, Got a strange problem I want to run by you... 1. Cisco router stilling at the edge.1. Have a couple of offsite dns servers listed in the Cisco config as name servers.
3. Have a strong inbound access list on it which, among many other things, denies tcp/udp dns to the router (ie, any replies to dns queries from the router should be blocked).
4. Have syslog set to a syslog server off -box.I use the above as one of my poor man's ids for that router. If someone gets on it, doesn't look thru the access list closely and tries anything that kicks off a dns query, i'm paged.
Well, this little guy has been quiet for many years except when I would occasionally forget and trip over it myself.
Now twice in the last week, I've gotten the pages. No one is on the router that I can find, I've changed the passwords after the 1st time, nothing looks out of place, all other alerting is fine, no one has messed with the configs (unless they know how to alter the "last modified" that Cisco keeps...
Any ideas? Don _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Router is doing DNS all on it's own.... Don Kendrick (Aug 28)