 |
 |
|
|
|
|
Welcome to the { mindfrost82.com } forums. You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today! If you have any problems with the registration process or your account login, please contact contact us. |
|
|||||||
 |
|
|
LinkBack | Thread Tools | Search this Thread | Display Modes |
03-13-2008, 12:00 AM
|
|||
|
|||
|
DNS transmits --state NEW?
I am logging unsolicited packets from "outside" our LAN via iptables:
.... -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -i ! eth0 -m state --state NEW -j LOG --log-level 7 --log-prefix UNSOLICITED: When I parse the log file, I am occasionally finding --state NEW UDP packets from 148.78.149.20[0123] SPT=53. The first 2 of those addresses are the nameservers of record, and: $ cat /etc/resolv.conf nameserver 148.78.249.200 nameserver 148.78.249.201 My question is: Why would a nameserver send me a --state NEW packet, especially originating from port 53 where DNS requests are listened for, and why might those other 2 addresses be involved? I'm sorry I can't figure out how to add a Followup-To: header using this Evolution newsreader. 
|
|
|
| Thread Tools | Search this Thread |
| Display Modes | |
|
|
Linear Mode
