|
Thread Index [isp-dns] Re: What to make of "source port zero packet" log entriies
I've got a log full of these entries. Meaning?That means that the packet came from port 0 -- normally, the source for DNS packets should be a port greater than 1024 (or occasionally port 53). I'm not sure if port 0 is even allowed. More important is the IP address -- 2.64.32.33 is in a reserved IP range (see http://www.iana.org/assignments/ipv4-address-space ). This means that either the packet was corrupted (but if it is always getting corrupted to the same IP, there's a serious problem, and you will likely see other symptoms), or someone is sending packets from an IP that is not theirs (which would normally indicate an attack of some sort, unless you are using non-private IPs internally). You may want to have your firewall block all packets from 2.0.0.0/8. While you're at it, you could add some other reserved ranges, in case this person continues on another IP. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
Thread Index |
|
