check this out, what RR is doing and what are these ports? [port 1029] [open dec]


Best Answer: Does your POP server require authsmtp? It is more secure. Try changing your outgoing SMTP to authsmtp; look up authsmtp on Wikipedia.

Re:Originally posted by: guy
rule #9 on my firewall is:

DENY udp ----l- 0.0.0.0/0 0.0.0.0/0 501:2099

That looks like a pretty crappy rule, but I'm not sure how your consumer-level router does rules. Allow outbound UDP to port 53 and those entries will go away.


Re:You have an excellent point, but read my other post. Why would I need network traffic from all those comps that are hitting me back on a set range of ports? If I run netstat I don't have any open connections that might lead me to believe that I'm inadvertently sending out traffic.

Re:Not only are those DNS lookups, those are probably responses to your DNS queries.

Your box is using a port (like 1029) to open a UDP connection to port 53 on your ISP's DNS server. Remember, UDP is connectionless, so there really isn't any "relation" between the request and the reply packet. When RR DNS replies, it sends it back from port 53 to the port that you used to send the request – 1029. It trips your firewall and bang. Off you go.

What might be happening that's tripping your firewall is that you could be sending a DNS request to a server on one IP, and that server is sending it back to you from another IP address. There are various network scenarios where this can happen – load-balanced servers, servers with multiple NICs, etc.

Nothing to worry about, except your firewall could be blocking traffic you actually need to use the network.

- G
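
The request/reply matching described in the post above, as an added example that is not part of the original thread: a Python script that pairs outbound DNS queries with inbound UDP packets the way a stateful filter would, so replies from port 53 are told apart from unsolicited traffic. The log format, the IP addresses and the 5-second window are constructed assumptions.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "ts direction src sport dst dport")

# Constructed sample log (not from the thread): time, direction, src:port, dst:port
SAMPLE_LOG = """\
10.0 OUT 192.168.1.10:1029 203.0.113.53:53
10.1 IN 203.0.113.53:53 192.168.1.10:1029
10.2 OUT 192.168.1.10:1030 203.0.113.53:53
10.3 IN 203.0.113.54:53 192.168.1.10:1030
50.0 IN 198.51.100.7:53 192.168.1.10:1029
51.0 IN 198.51.100.7:4444 192.168.1.10:1029
"""

def parse(line):
    ts, direction, src, dst = line.split()
    sip, sport = src.rsplit(":", 1)
    dip, dport = dst.rsplit(":", 1)
    return Packet(float(ts), direction, sip, int(sport), dip, int(dport))

def classify(log, window=5.0):
    """Label each inbound UDP packet; window is an assumed state timeout in seconds."""
    pending = {}   # local source port -> (query time, resolver IP queried)
    verdicts = []
    for pkt in map(parse, log.splitlines()):
        if pkt.direction == "OUT":
            if pkt.dport == 53:
                pending[pkt.sport] = (pkt.ts, pkt.dst)
            continue
        query = pending.get(pkt.dport)
        recent = query is not None and pkt.ts - query[0] <= window
        if pkt.sport == 53 and recent and pkt.src == query[1]:
            verdict = "dns-reply"            # answer from the resolver that was asked
        elif pkt.sport == 53 and recent:
            verdict = "dns-reply-other-ip"   # answer arrives from a different address
        else:
            verdict = "unsolicited"          # no matching recent query from that port
        verdicts.append((pkt.src, pkt.dport, verdict))
    return verdicts

if __name__ == "__main__":
    for src, dport, verdict in classify(SAMPLE_LOG):
        print(f"{src:>15} -> local port {dport}: {verdict}")
```

A stateless rule such as the `501:2099` deny in this thread sees all four inbound packets the same way; only the pairing with an earlier outbound query separates the first two from the last two.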


Re:rule #9 on my firewall is:

DENY udp ----l- 0.0.0.0/0 0.0.0.0/0 501:2099


Re:Those are DNS lookups. Source port 53, dest port is a port > 1024 on your box. What is rule #9 in your ruleset?

Re:No need to post the same question twice.

Re:The weird part is that I am being scanned by the IP that RR's DNS servers sit on. So either someone is spoofing the IP of the DNS servers which might be poisoning my ARP cache? That might explain why my connection is very unstable right now. I have made another posting with a listing of all the IPs that are currently port scanning me. I realize that port scans happen all the time but I've never been hit with this many port scans in a period of just a few minutes, it struck me as rather odd. I certainly didn't expect to see the IP of RR's DNS servers port scanning me!

Re:I have cross-referenced the port and come up with ICQ, and bugbear virus, trojan port for latinus and net spy.

It may be a worm or virus that has infected that machine or a spoof of that machine IP.

