Re: Possible Port scan & IP Spoof?
From: NeoSadist (neos@dist)
Date: 11/26/02
From: "NeoSadist" <neos@dist> Date: Tue, 26 Nov 2002 14:46:12 -0700
"Mike" <mikey117@hotmail.com> wrote in message
news:LWEE9.65782$8D.1574099@twister.austin.rr.com...
> I'm running a Sonicwall DMZ & in the past week, the log file has been
> filling up in the course of a day, with the majority of the entries like the
> following. 24.30.200.19 is a Road Runner DNS server, 24.242.XXX.YYY is my
> public IP address & the ZZZZ is about any possible port number you can think
> of.
> 11/25/2002 12:01:41.752 - UDP packet dropped - Source:24.30.200.19, 53,
> WAN - Destination:24.242.XXX.YYY, ZZZZ, LAN
>
> I wouldn't think a Road Runner DNS server would be making all of these
> attempts. Is there a way I can find out where this is coming from & what can
> I do to stop it?
>
>
It's possible that maybe someone's forging the packet addresses to make it
look like it's the DNS server, when in reality it's not. That's a
possibility. I'd say it's a good thing you have a firewall right about now!
lol
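
An added example (not part of the original thread): a small Python parser for the drop-log format quoted above, grouping entries by protocol, source address and source port to show how many distinct destination ports each source hit and over what time span. The sample lines are constructed, use documentation-range addresses, and assume one entry per line with month-first dates.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample entries in the format quoted above (assumed one entry per line).
# Addresses are RFC 5737 documentation ranges, not the poster's.
SAMPLE_LOG = """\
11/25/2002 12:01:41.752 - UDP packet dropped - Source:192.0.2.53, 53, WAN - Destination:198.51.100.7, 1027, LAN
11/25/2002 12:01:44.310 - UDP packet dropped - Source:192.0.2.53, 53, WAN - Destination:198.51.100.7, 1031, LAN
11/25/2002 12:02:02.118 - UDP packet dropped - Source:192.0.2.53, 53, WAN - Destination:198.51.100.7, 4466, LAN
11/25/2002 12:02:09.005 - TCP packet dropped - Source:203.0.113.9, 3345, WAN - Destination:198.51.100.7, 445, LAN
11/25/2002 12:03:15.900 - UDP packet dropped - Source:192.0.2.53, 53, WAN - Destination:198.51.100.7, 1031, LAN
this line is not a drop entry and is skipped
"""

ENTRY = re.compile(
    r"(?P<ts>\d\d/\d\d/\d{4} \d\d:\d\d:\d\d\.\d{3}) - (?P<proto>\w+) packet dropped - "
    r"Source:(?P<src>[\d.]+), (?P<sport>\d+), \w+ - "
    r"Destination:(?P<dst>[\d.]+), (?P<dport>\d+), \w+"
)

def parse_drops(text):
    """Return one dict per dropped-packet entry; unrecognised lines are skipped."""
    drops = []
    for line in text.splitlines():
        m = ENTRY.search(line)
        if m:
            d = m.groupdict()
            # Assumption: the timestamp is month/day/year.
            d["ts"] = datetime.strptime(d["ts"], "%m/%d/%Y %H:%M:%S.%f")
            d["sport"], d["dport"] = int(d["sport"]), int(d["dport"])
            drops.append(d)
    return drops

def summarize(drops):
    """Group by (protocol, source IP, source port): count, distinct dest ports, time span."""
    groups = defaultdict(lambda: {"count": 0, "dports": set(), "first": None, "last": None})
    for d in drops:
        g = groups[(d["proto"], d["src"], d["sport"])]
        g["count"] += 1
        g["dports"].add(d["dport"])
        g["first"] = d["ts"] if g["first"] is None else min(g["first"], d["ts"])
        g["last"] = d["ts"] if g["last"] is None else max(g["last"], d["ts"])
    return dict(groups)

if __name__ == "__main__":
    for key, g in sorted(summarize(parse_drops(SAMPLE_LOG)).items(), key=lambda kv: -kv[1]["count"]):
        print(key, g["count"], "drops,", len(g["dports"]), "distinct destination ports,",
              g["first"], "to", g["last"])
```

The source address of a UDP packet is not authenticated, so this grouping describes what the firewall recorded rather than who actually sent the packets.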