Good evening all
I'm suddenly getting emails from my Netgear FVX538 security router that seem to be reporting UDP flooding on port 53 originating from my 2003 SBS server; port 53, if I remember correctly, is the one used by DNS.
I attach a portion of the router log file, the netstat -ano output for this activity that indicates that dns.exe (PID 1648) is generating the traffic, and a procmon log giving some path information for the transmitted UDP packets. I've substituted my.server for the actual server name.
My question is twofold, really - how do I interpret these logs, and how should I go about determining the cause?
I'm rather concerned that something bad is happening, particularly as my mail server is starting to appear on RBLs.
I've run a virus scan on the server with Eset's mail server product, and it came up clean.
Any help would be much appreciated.

Attachments: procmon.txt, netstat-output.txt, FVX538-log.txt