Firewall Wizards mailing list archives
PIX 6.3.3 and UDP connections
From: "Smith Bruce" <BruceS () petech ac za>
Date: Tue, 30 Sep 2003 09:18:48 +0200
Good day

We've got what may or may not be a problem. If we do a show conn on the running PIX, we get hundreds of entries for UDP connections to our DMZ protected DNS servers on port 53. We have a setup for the DNS servers where the PIX translates from the outside address to the subnet that the DMZ runs. If we restart the devices, the connections return quickly.

Is this normal behavior for a PIX, are we under some sort of attack or have we just misconfigured something?

Regards
Bruce Smith
Firewall Administrator.

Snapshot of the show conn output follows

UDP out 61.143.182.121:53 in 196.21.198.101:41035 idle 0:00:01 flags -
UDP out 61.143.182.121:53 in 196.21.198.101:41035 idle 0:00:01 flags -
UDP out 61.143.182.121:53 in 196.21.198.101:41035 idle 0:00:01 flags -
UDP out 61.143.182.121:53 in 196.21.198.101:41035 idle 0:00:01 flags -
UDP out 61.143.182.121:53 in 196.21.198.101:41035 idle 0:00:01 flags -
UDP out 61.143.182.121:53 in 196.21.198.101:41035 idle 0:00:01 flags -
UDP out 61.143.182.121:53 in 196.21.198.101:41035 idle 0:00:01 flags -

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
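Added example, not part of the original message or of any Cisco tooling: a small triage script for a saved show conn capture in the line layout quoted above. It reports how many entries are distinct address/port pairs versus repeats, which side of the firewall holds port 53, and the longest idle time. The function names, the documentation-range addresses, the "in use" header line and the TCP "Bytes" field in the sample are assumptions.

```python
import re
from collections import Counter

# Constructed sample (documentation addresses), same layout as the snapshot
# in the message; the header line and the TCP "Bytes" field are assumptions.
SAMPLE = """\
6 in use, 120 most used
UDP out 203.0.113.7:53 in 192.0.2.10:41035 idle 0:00:01 flags -
UDP out 203.0.113.7:53 in 192.0.2.10:41035 idle 0:00:01 flags -
UDP out 203.0.113.7:53 in 192.0.2.10:41035 idle 0:00:01 flags -
UDP out 198.51.100.20:33012 in 192.0.2.10:53 idle 0:00:05 flags -
UDP out 198.51.100.21:1047 in 192.0.2.10:53 idle 0:01:30 flags -
TCP out 198.51.100.22:2201 in 192.0.2.11:25 idle 0:00:09 Bytes 512 flags UIO
"""

CONN = re.compile(
    r"^(?P<proto>TCP|UDP) out (?P<out_ip>[\d.]+):(?P<out_port>\d+) "
    r"in (?P<in_ip>[\d.]+):(?P<in_port>\d+) "
    r"idle (?P<h>\d+):(?P<m>\d\d):(?P<s>\d\d)\b"
)

def parse(text):
    """Yield one dict per connection line; skip lines that do not match."""
    for line in text.splitlines():
        m = CONN.match(line.strip())
        if not m:
            continue
        yield {
            "proto": m["proto"],
            "out": (m["out_ip"], int(m["out_port"])),
            "in": (m["in_ip"], int(m["in_port"])),
            "idle_s": int(m["h"]) * 3600 + int(m["m"]) * 60 + int(m["s"]),
        }

def summarize(text, proto="UDP", port=53):
    """Summarize entries of one protocol with respect to one service port."""
    conns = [c for c in parse(text) if c["proto"] == proto]
    flows = Counter((c["out"], c["in"]) for c in conns)
    return {
        "entries": len(conns),
        "distinct_flows": len(flows),
        # identical address/port pairs that are listed more than once
        "repeated": {f: n for f, n in flows.items() if n > 1},
        # which side of the firewall holds the service port
        "port_on_out": sum(c["out"][1] == port for c in conns),
        "port_on_in": sum(c["in"][1] == port for c in conns),
        "top_out_hosts": Counter(c["out"][0] for c in conns).most_common(3),
        "max_idle_s": max((c["idle_s"] for c in conns), default=0),
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

A high entry count with few distinct flows, or port 53 appearing mostly on the "out" side, points to a different cause than many distinct outside hosts each reaching port 53 on the "in" side.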