Example:
...
[FONT=monospace]/var/log/packetfilter.log:2013:10:01-16:32:11 gateway ulogd[4428]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth2" srcmac="c4:39:3a:91:36:86" dstmac="0:15:17:6d:3b:7d" srcip="76.96.13.141" dstip="50.***.***.***" proto="17" length="83" tos="0x00" prec="0x40" ttl="56" srcport="53" dstport="4597" [/FONT]
...
The traffic is coming from these hosts:
[FONT=Verdana]68.87.68.165[/FONT]
[FONT=Verdana]atlt-dnssec01.s3woodstock.ga.atlanta.comcast.net[/FONT]
[FONT=Verdana]68.87.75.201[/FONT]
[FONT=Verdana]pitt-dnssec02.summitpark.pa.pitt.comcast.net[/FONT]
[FONT=Verdana]76.96.90.218[/FONT]
[FONT=Verdana]atlt-dnssec05.s3woodstock.ga.atlanta.comcast.net[/FONT]
[FONT=Verdana]76.96.90.223[/FONT]
[FONT=Verdana]atlt-dnssec06b.s3woodstock.ga.atlanta.comcast.net[/FONT]
[FONT=Verdana]76.96.13.151[/FONT]
[FONT=Verdana]pitt-dnssec03b.summitpark.pa.pitt.comcast.net[/FONT]
[FONT=Verdana]76.96.90.219[/FONT]
[FONT=Verdana]atlt-dnssec05b.s3woodstock.ga.atlanta.comcast.net[/FONT]
[FONT=Verdana]76.96.90.222[/FONT]
[FONT=Verdana]atlt-dnssec06.s3woodstock.ga.atlanta.comcast.net[/FONT]
There is a default rule to allow outbound traffic on port 53 but should I allow inbound traffic from these particular hosts?
I have the following DNS forwarders setup so I don't know why the hosts listed above are always attempting inbound traffic on port 53:
This thread was automatically locked due to age.
