[prev in list] [next in list] [prev in thread] [next in thread] 

List:       firewall-1
Subject:    [FW-1] strange udp traffic in firewall-1 ?
From:       X Xpid <modedevotion () YAHOO ! CA>
Date:       2004-03-30 17:09:43
Message-ID: 20040330170943.56650.qmail () web12821 ! mail ! yahoo ! com
[Download RAW message or body]

We are running a firewall-1 v.4.1 in a Nokiaip330.Ipso
3.4.

Our network is composed of 1 external dns server
(public zone) and 1 internal server (trusted zone)

I've detected following entries in firewall logs.Is
this normal behaviour? I ve checked in Properties in
Policy Editor and
"Accept domain name over udp"
"Accept UDP replies"
both are allowed.

Suspicious? Log entries

source: some.public.ip.address (random port) >
destination : external.fw1.ip.address (udp/53)
action:allowed

I did a nslookup to my fw and it replied but i m not
getting a response for a regular dns query.

Can anyone explain this behaviour?

i guess for now i will set the follwoing rules:

Any -> Firewall -> any -> drop
Any -> internal_dns(public.ip) -> udp/53 -> allow
internal_dns(internal.ip) -> Any -> udp/53 -> allow

Thanks



______________________________________________________________________
Post your free ad now! http://personals.yahoo.ca

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV@amadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner@ts.checkpoint.com
=================================================
[prev in list] [next in list] [prev in thread] [next in thread]