List: firewall-1
Subject: [FW-1] strange udp traffic in firewall-1 ?
From: X Xpid <modedevotion () YAHOO ! CA>
Date: 2004-03-30 17:09:43
Message-ID: 20040330170943.56650.qmail () web12821 ! mail ! yahoo ! com
We are running a firewall-1 v.4.1 in a Nokia IP330, IPSO
3.4.
Our network is composed of 1 external DNS server
(public zone) and 1 internal server (trusted zone).
I've detected the following entries in the firewall logs. Is
this normal behaviour? I've checked in Properties in
Policy Editor and
"Accept domain name over udp"
"Accept UDP replies"
both are allowed.
Suspicious? Log entries
source: some.public.ip.address (random port) >
destination : external.fw1.ip.address (udp/53)
action:allowed
I did an nslookup to my fw and it replied, but I'm not
getting a response for a regular DNS query.
Can anyone explain this behaviour?
I guess for now I will set the following rules:
Any -> Firewall -> any -> drop
Any -> internal_dns(public.ip) -> udp/53 -> allow
internal_dns(internal.ip) -> Any -> udp/53 -> allow
Thanks