?
Solved

don't understand some firewall log activities

Posted on 2001-06-04
3
Medium Priority
?
210 Views
Last Modified: 2013-11-16
this is the screen capture from the checkpoint firewall log viewer. Please take a look first

http://free4home.dns2go.com/~adrian/screen01.jpg



I always find that these two hosts connect my firewall thru service is domain-udp.
Actually these two hosts is from our ISP

What are they doing ?
0
Comment
Question by:adrianmak
  • 2
3 Comments
 
LVL 12

Expert Comment

by:Housenet
ID: 6154773
-Looks to me to be simple DNS traffic. port 53 UDP protocol 7. You cannot resolve sites from the lan with regular DNS queries..
0
 
LVL 12

Expert Comment

by:Housenet
ID: 6154774
-Looks to me to be simple DNS traffic. port 53 UDP protocol 7. You cannot resolve sites from the lan with regular DNS queries..
0
 
LVL 1

Accepted Solution

by:
Haho earned 20 total points
ID: 6159094
yes it does seem like DNS query packets..
DNS query uses UDP but DNS zone transfer uses TCP.
Is your servers a DNS server.. that would explain your ISP querying your server for xxx.com because your server is the authorative DNS server for xxx.com.

Cheers
0

Featured Post

Firewall Management 201 with Professor Wool

In this whiteboard video, Professor Wool highlights the challenges, benefits and trade-offs of utilizing zero-touch automation for security policy change management. Watch and Learn!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Native ability to set a user account password via AD GPO was removed because the passwords can be easily decrypted by any authenticated user in the domain. Microsoft recommends LAPS as a replacement and I have written an article that does something …
You do not need to be a security expert to make the RIGHT security. You just need some 3D guidance, to help lay out an action plan to secure your business operations. It does not happen overnight. You just need to start now and do the first thin…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…

588 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question