Re: Strange DNS packets
From: Gianni Bragante (gbragante_at_libero.it)
Date: 01/10/04
Date: Sat, 10 Jan 2004 18:16:32 GMT
Thank you for your message.
Yes, I query several DNSRBLs, but incoming mail is handled by another SMTP
server at another address.
The packets in the provided log are destined for the outgoing SMTP server.
Please also notice that those packets were discarded by the firewall; they
are not responses to outgoing queries.
Gianni Bragante
"Jem Berkes" <jb@users.pc9.org> wrote in message
news:Xns946C790218757jbuserspc9org@130.179.16.24...
> > Sometimes I find my iptables based firewall discards a large number of
> > DNS packets directed to the IP address of our mail server. This occurs
> > several times per day.
> > Sources are different IP addresses, each having at the same time the
> > same idea to query a non-existent DNS. Could anybody explain that?
> > Does this happen to anybody else? Is this an attempted exploit of
> > something? Of what?
>
> Do you query DNSBLs (DNS blocklist) on your mail server? If so, I could
> imagine your mail server sending a DNS request to a number of RBL servers
> and getting the reply at pretty much the same time.
>
> --
> Jem Berkes
> http://www.sysdesign.ca/
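
An added example, not part of the thread: one way to triage such drops is to split them by port direction and group them per minute, so that response-like packets (source port 53) and query-like packets (destination port 53) can be compared against the mail server's own lookups. It assumes the firewall logs drops with the iptables LOG target in its usual `KEY=value` layout; the sample lines and addresses are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines (documentation address ranges), not the poster's log.
SAMPLE_LOG = """\
Jan 10 18:01:02 fw kernel: DROP IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.25 PROTO=UDP SPT=53 DPT=32781 LEN=100
Jan 10 18:01:02 fw kernel: DROP IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.25 PROTO=UDP SPT=53 DPT=32781 LEN=100
Jan 10 18:01:03 fw kernel: DROP IN=eth0 OUT= SRC=192.0.2.44 DST=203.0.113.25 PROTO=UDP SPT=32804 DPT=53 LEN=51
Jan 10 18:05:40 fw kernel: DROP IN=eth0 OUT= SRC=198.51.100.9 DST=203.0.113.25 PROTO=TCP SPT=40112 DPT=25 WINDOW=5840
"""

FIELD = re.compile(r"(\w+)=(\S*)")                  # KEY=value pairs; value may be empty (OUT=)
STAMP = re.compile(r"^\w{3}\s+\d+\s+(\d\d:\d\d)")   # syslog timestamp, captured to the minute


def classify(fields):
    """Label a dropped packet by port direction only (ports can be spoofed)."""
    if fields.get("PROTO") != "UDP":
        return None
    if fields.get("SPT") == "53" and fields.get("DPT") != "53":
        return "response-like"   # from a server's port 53 to a high port
    if fields.get("DPT") == "53":
        return "query-like"      # addressed to port 53 on the protected host
    return None


def triage(log_text):
    """Map (dst, 'HH:MM', kind) -> set of source IPs dropped in that minute."""
    bursts = defaultdict(set)
    for line in log_text.splitlines():
        stamp = STAMP.match(line)
        fields = dict(FIELD.findall(line))
        if not stamp or "SRC" not in fields or "DST" not in fields:
            continue
        kind = classify(fields)
        if kind:
            bursts[(fields["DST"], stamp.group(1), kind)].add(fields["SRC"])
    return dict(bursts)


if __name__ == "__main__":
    for (dst, minute, kind), sources in sorted(triage(SAMPLE_LOG).items()):
        print(f"{minute} {dst} {kind}: {len(sources)} source(s) {sorted(sources)}")
```

Many distinct sources in the same minute under "response-like" would fit the late-DNSBL-reply explanation; a burst under "query-like" would not.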