Security Incidents mailing list archives
RE: Strange UDP Activity
From: "LAVELLE,MICHAEL (HP-PaloAlto,ex1)" <mlavelle () hp com>
Date: Tue, 16 Apr 2002 15:08:51 -0400
Hi All, With the help of the people who responded, I was able to track down the cause. It appears that an Astaro Security Linux firewall box I am building/evaluating started making DNS queries to the root servers rather than to the local DNS servers in it's local configuration. These replies got caught in my router access list and logged because it wasn't expected access. Next time I suspect something is wrong I will wait until morning to draft the email, rather than sending a groggily drafting request for help. My thanks to the list...you have been very helpful. Cheers, Mike ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Strange UDP Activity LAVELLE,MICHAEL (HP-PaloAlto,ex1) (Apr 16)
- Re: Strange UDP Activity Ryan Russell (Apr 16)
- <Possible follow-ups>
- RE: Strange UDP Activity Joe Kattner (Apr 16)
- RE: Strange UDP Activity Rajiv Dighe (Apr 16)
- Re: Strange UDP Activity Valdis . Kletnieks (Apr 16)
- RE: Strange UDP Activity LAVELLE,MICHAEL (HP-PaloAlto,ex1) (Apr 16)
- RE: Strange UDP Activity Jose Nazario (Apr 16)
- Re: Strange UDP Activity Eric Brandwine (Apr 16)
- Re: Strange UDP Activity Jose Nazario (Apr 16)
- Re: Strange UDP Activity Eric Brandwine (Apr 16)
- Re: Strange UDP Activity Stephen Friedl (Apr 16)