Re: strange traffic on UDP port 53

["Rodney Green" <rgreen () trayerproducts com>]

What is the access list that you applied?

----------------------------------


Hi All,
We don't have a firewall and is just relying on Access-list on our border
router. After i applied the new access-list I am continously receiving
the logs showed below. The destination IP is our mail server (not running
any DNS service) while the source IP (unsolicited and using source port
with some sort of incremental patterm, the denied packets logs is also
continuous now for about 4 days) I am not aware of any trojan or worm
using the below. I already tried searching google but cannot find the
explanation or something that might help me understand the below....
Please advise.

--logs starts here---
denied udp XX7.Y3.71.242(54067) -> XX3.Y1.246.66(53), 1 packet
denied udp XX7.Y3.71.242(54070) -> XX3.Y1.246.66(53), 1 packet
denied udp XX7.Y3.71.242(53967) -> XX3.Y1.246.66(53), 2 packets
denied udp XX7.Y3.71.242(53972) -> XX3.Y1.246.66(53), 2 packets
denied udp XX7.Y3.71.242(53979) -> XX3.Y1.246.66(53), 2 packets
denied udp XX7.Y3.71.242(53989) -> XX3.Y1.246.66(53), 2 packets
denied udp XX7.Y3.71.242(54003) -> XX3.Y1.246.66(53), 2 packets
denied udp XX7.Y3.71.242(53982) -> XX3.Y1.246.66(53), 34 packets
denied udp XX7.Y3.71.242(54009) -> XX3.Y1.246.66(53), 2 packets
denied udp XX7.Y3.71.242(54027) -> XX3.Y1.246.66(53), 2 packets
denied udp XX7.Y3.71.242(54035) -> XX3.Y1.246.66(53), 2 packets
denied udp XX7.Y3.71.242(54042) -> XX3.Y1.246.66(53), 2 packets

----------------------------------------------------------------------------
----------------------------------------------------------------------------



----------------------------------------------------------------------------
----------------------------------------------------------------------------