North American Network Operators Group


Even more unusual traffic

  • From: Jesse Whyte
  • Date: Mon Oct 19 16:33:13 1998

I apologize for sending three messages, but in the review of our access-list
violations, I have discovered even more odd and unusual traffic...

Oct 13 11:49:03 protecting.router.ip.address 46: %SEC-6-IPACCESSLOGP: list 102 denied udp 10.10.10.10(0) -> 20.20.20.20(0), 3 packets
Oct 13 11:54:03 protecting.router.ip.address 48: %SEC-6-IPACCESSLOGP: list 102 denied udp 10.10.10.10(0) -> 20.20.20.20(0), 3 packets
Oct 13 13:49:06 protecting.router.ip.address 50: %SEC-6-IPACCESSLOGP: list 102 denied udp 10.10.10.10(0) -> 20.20.20.20(0), 2 packets
Oct 13 13:54:07 protecting.router.ip.address 52: %SEC-6-IPACCESSLOGP: list 102 denied udp 10.10.10.10(0) -> 20.20.20.20(0), 2 packets

IANA lists port 0 as reserved (failing to note what it is reserved for), so
why am I seeing this traffic in the wild?  What is its function, both as a
source port and a destination port?  And more importantly, why is someone
trying to access it on my primary DNS server?

Your help is appreciated...

Jesse Whyte
Security Analyst
Office of Information Resources
State of Tennessee
(615)741-8651
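
Added example, not part of the original message: a Python parser for %SEC-6-IPACCESSLOGP entries of the kind quoted in the post, totalling the ones that report port 0 as source or destination per flow. It also rejoins records that mail wrapping has split across lines; the sample input is constructed from the sanitized entries in the post, and the function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: the four sanitized entries from the post, still wrapped
# the way a mail client wraps them.
SAMPLE = """\
Oct 13 11:49:03 protecting.router.ip.address 46: %SEC-6-IPACCESSLOGP: list
102 denied udp 10.10.10.10(0) -> 20.20.20.20(0), 3 packets
Oct 13 11:54:03 protecting.router.ip.address 48: %SEC-6-IPACCESSLOGP: list
102 denied udp 10.10.10.10(0) -> 20.20.20.20(0), 3 packets
Oct 13 13:49:06 protecting.router.ip.address 50: %SEC-6-IPACCESSLOGP: list
102 denied udp 10.10.10.10(0) -> 20.20.20.20(0), 2 packets
Oct 13 13:54:07 protecting.router.ip.address 52: %SEC-6-IPACCESSLOGP: list
102 denied udp 10.10.10.10(0) -> 20.20.20.20(0), 2 packets
"""
# A record begins with a syslog timestamp such as "Oct 13 11:49:03 ".
STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
ENTRY = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>denied|permitted) "
    r"(?P<proto>tcp|udp) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<pkts>\d+) packets?"
)

def unwrap(text):
    """Rejoin records that were split across lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if STAMP.match(line) or not records:
            records.append(line)          # start of a new record
        else:
            records[-1] += " " + line     # continuation of the previous one
    return records

def port_zero_hits(text):
    """Total events and packets per flow where either port is logged as 0."""
    totals = defaultdict(lambda: {"events": 0, "packets": 0})
    for rec in unwrap(text):
        m = ENTRY.search(rec)
        if m and "0" in (m["sport"], m["dport"]):
            key = (m["acl"], m["action"], m["proto"], m["src"], m["dst"])
            totals[key]["events"] += 1
            totals[key]["packets"] += int(m["pkts"])
    return dict(totals)

if __name__ == "__main__":
    for flow, t in port_zero_hits(SAMPLE).items():
        print(flow, t)
```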