Solved

don't understand some firewall log activities

Posted on 2001-06-04
3
201 Views
Last Modified: 2013-11-16
this is the screen capture from the checkpoint firewall log viewer. Please take a look first

http://free4home.dns2go.com/~adrian/screen01.jpg



I always find that these two hosts connect my firewall thru service is domain-udp.
Actually these two hosts is from our ISP

What are they doing ?
0
Comment
Question by:adrianmak
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 12

Expert Comment

by:Housenet
ID: 6154773
-Looks to me to be simple DNS traffic. port 53 UDP protocol 7. You cannot resolve sites from the lan with regular DNS queries..
0
 
LVL 12

Expert Comment

by:Housenet
ID: 6154774
-Looks to me to be simple DNS traffic. port 53 UDP protocol 7. You cannot resolve sites from the lan with regular DNS queries..
0
 
LVL 1

Accepted Solution

by:
Haho earned 5 total points
ID: 6159094
yes it does seem like DNS query packets..
DNS query uses UDP but DNS zone transfer uses TCP.
Is your servers a DNS server.. that would explain your ISP querying your server for xxx.com because your server is the authorative DNS server for xxx.com.

Cheers
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ransomware is a malware that is again in the list of security  concerns. Not only for companies, but also for Government security and  even at personal use. IT departments should be aware and have the right  knowledge to how to fight it.
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question