RE: DNS servers outbound connections.

From: NESTING, DAVID M (SBCSI) (dn3723at_private)
Date: Tue Oct 01 2002 - 08:06:04 PDT


    There's no such thing as a UDP "connection" really.  Are you sure these
    aren't DNS replies to requests made by these remote hosts?  
    
    Frequently if a host tries to perform DNS resolution, it may end up querying
    more than one server in an attempt to get a response.  If it gets a response
    from one, it may tear down the UDP socket even though more than one server
    was queried.  If there are any other replies that get delivered afterward,
    they may get an ICMP Unreachable message generated when they arrive.  This
    may make it seem like the DNS server is trying to send packets somewhere
    they shouldn't be going.
    
    If these are web servers, perhaps they have DNS resolution turned on in
    their logging and you have a user on your network making HTTP requests
    against these servers.
    
    Just some thoughts..
    
    David
    
    From: Philip Bartholomew [mailto:Philip.Bartholomewat_private]
    > I wonder if any of you fine fellows can help. My 2 Nameservers are making
    > a number of UDP connections "10-20 a minute" originating on port 53 to
    > alternating dest ports e.g.: 1113, 56008, 54002 tries about ten
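
The check below is an added example, not part of the original message or the list archive: it correlates outbound UDP packets sent from port 53 with earlier inbound queries and with ICMP unreachables, which is the distinction the reply above draws. The record layout, the name server address 192.0.2.53, the 30-second window and the sample records are constructed assumptions; for `icmp-unreach` records the address fields describe the rejected datagram quoted in the ICMP payload.

```python
from collections import namedtuple

# Constructed record layout (assumption): one row per logged packet.
Pkt = namedtuple("Pkt", "t proto src sport dst dport")

NAMESERVERS = {"192.0.2.53"}  # assumed address of the local name server
WINDOW = 30.0                 # assumed max seconds between query and reply

# Constructed sample log; the client ports are the ones quoted in the thread.
SAMPLE = [
    Pkt(0.0, "udp", "198.51.100.7", 1113, "192.0.2.53", 53),    # query
    Pkt(0.2, "udp", "192.0.2.53", 53, "198.51.100.7", 1113),    # its reply
    Pkt(5.0, "udp", "198.51.100.9", 56008, "192.0.2.53", 53),   # query
    Pkt(9.0, "udp", "192.0.2.53", 53, "198.51.100.9", 56008),   # late reply
    Pkt(9.1, "icmp-unreach", "192.0.2.53", 53, "198.51.100.9", 56008),
    Pkt(12.0, "udp", "192.0.2.53", 53, "203.0.113.4", 54002),   # no query seen
]

def classify(packets, nameservers=NAMESERVERS, window=WINDOW):
    """Label every UDP packet a name server sent from source port 53."""
    # Flows the remote host rejected with an ICMP unreachable.
    rejected = {(p.src, p.dst, p.dport) for p in packets
                if p.proto == "icmp-unreach"
                and p.src in nameservers and p.sport == 53}
    queries = {}   # (client, client_port, server) -> time of latest query
    results = []
    for p in sorted(packets, key=lambda p: p.t):
        if p.proto != "udp":
            continue
        if p.dst in nameservers and p.dport == 53:
            queries[(p.src, p.sport, p.dst)] = p.t
        elif p.src in nameservers and p.sport == 53:
            asked = queries.get((p.dst, p.dport, p.src))
            if asked is None or p.t - asked > window:
                label = "unsolicited"             # worth a closer look
            elif (p.src, p.dst, p.dport) in rejected:
                label = "reply-to-closed-socket"  # client had moved on
            else:
                label = "reply"
            results.append((p.dst, p.dport, label))
    return results

if __name__ == "__main__":
    for dst, dport, label in classify(SAMPLE):
        print(f"{dst}:{dport} {label}")
```

Only the `unsolicited` rows are traffic the name server sent without a matching query in the log; the other two labels are ordinary DNS answers.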
    
    


