[fw-wiz] PIX 6.3.3 and UDP connections

• Previous message: James Fields: "Re: [fw-wiz] RE: Router Internet Monitoring"
• Next in thread: Shivdasani, Meenoo: "RE: [fw-wiz] PIX 6.3.3 and UDP connections"
• Maybe reply: Shivdasani, Meenoo: "RE: [fw-wiz] PIX 6.3.3 and UDP connections"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <firewall-wizards@honor.icsalabs.com>
Date: Tue, 30 Sep 2003 09:18:48 +0200

Good day

We've got what may or may not be a problem. If we do a show conn on the
running PIX, we get hundreds of entries for UDP connections to our DMZ
protected DNS servers on port 53. We have a setup for the DNS servers
where the PIX translates from the outside address to the subnet that the
DMZ runs. If we restart the devices, the connections return quickly.

Is this normal behavior for a PIX, are we under some sort of attack or
have we just misconfigured something?

Regards

Bruce Smith

Firewall Administrator.

Snapshot of the show conn output follows

UDP out 61.143.182.121:53 in 196.21.198.101:41035 idle 0:00:01 flags -

UDP out 61.143.182.121:53 in 196.21.198.101:41035 idle 0:00:01 flags -

UDP out 61.143.182.121:53 in 196.21.198.101:41035 idle 0:00:01 flags -

UDP out 61.143.182.121:53 in 196.21.198.101:41035 idle 0:00:01 flags -

UDP out 61.143.182.121:53 in 196.21.198.101:41035 idle 0:00:01 flags -

UDP out 61.143.182.121:53 in 196.21.198.101:41035 idle 0:00:01 flags -

UDP out 61.143.182.121:53 in 196.21.198.101:41035 idle 0:00:01 flags -
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

• Previous message: James Fields: "Re: [fw-wiz] RE: Router Internet Monitoring"
• Next in thread: Shivdasani, Meenoo: "RE: [fw-wiz] PIX 6.3.3 and UDP connections"
• Maybe reply: Shivdasani, Meenoo: "RE: [fw-wiz] PIX 6.3.3 and UDP connections"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]