I am logging unsolicited packets from "outside" our LAN via iptables:
....
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i ! eth0 -m state --state NEW -j LOG --log-level 7 --log-prefix UNSOLICITED:
When I parse the log file, I am occasionally finding --state NEW UDP
packets from 148.78.149.20[0123] SPT=53. The first 2 of those addresses
are the nameservers of record, and:
$ cat /etc/resolv.conf
nameserver 148.78.249.200
nameserver 148.78.249.201
My question is: Why would a nameserver send me a --state NEW packet,
especially originating from port 53 where DNS requests are listened for,
and why might those other 2 addresses be involved?
I'm sorry I can't figure out how to add a Followup-To: header using this
Evolution newsreader.
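
One way to triage log entries like these is to list every logged UDP packet with SPT=53 by source and mark whether that source appears in resolv.conf. This is an added example, not part of the original post; the log lines, addresses (RFC 5737 documentation ranges) and function names are constructed for illustration.

```python
import re
from collections import Counter

PREFIX = "UNSOLICITED:"            # the --log-prefix used in the post's rule
FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs of the kernel LOG target

# Constructed sample data, not the poster's real log or resolver addresses.
SAMPLE_RESOLV = "nameserver 192.0.2.200\nnameserver 192.0.2.201\n"
SAMPLE_LOG = """\
Jan 12 03:14:07 gw kernel: UNSOLICITED:IN=eth1 OUT= SRC=192.0.2.200 DST=198.51.100.7 LEN=120 TTL=54 PROTO=UDP SPT=53 DPT=32771 LEN=100
Jan 12 03:14:09 gw kernel: UNSOLICITED:IN=eth1 OUT= SRC=192.0.2.202 DST=198.51.100.7 LEN=131 TTL=54 PROTO=UDP SPT=53 DPT=32771 LEN=111
Jan 12 03:20:41 gw kernel: UNSOLICITED:IN=eth1 OUT= SRC=203.0.113.9 DST=198.51.100.7 LEN=60 TTL=49 PROTO=TCP SPT=40112 DPT=22 WINDOW=5840 SYN
Jan 12 03:21:02 gw kernel: UNSOLICITED:IN=eth1 OUT= SRC=192.0.2.200 DST=198.51.100.7 LEN=98 TTL=54 PROTO=UDP SPT=53 DPT=32772 LEN=78
Jan 12 03:21:05 gw kernel: some unrelated kernel message
"""

def configured_resolvers(resolv_conf: str) -> set:
    """Return the addresses on 'nameserver' lines of a resolv.conf text."""
    out = set()
    for line in resolv_conf.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            out.add(parts[1])
    return out

def parse_logged(log_text: str):
    """Yield a field dict for each line that carries the LOG prefix."""
    for line in log_text.splitlines():
        _, sep, rest = line.partition(PREFIX)
        if sep:
            yield dict(FIELD.findall(rest))

def dns_source_summary(log_text: str, resolv_conf: str) -> Counter:
    """Count logged UDP SPT=53 packets per (source, is_configured_resolver)."""
    known = configured_resolvers(resolv_conf)
    counts = Counter()
    for f in parse_logged(log_text):
        src = f.get("SRC")
        if src and f.get("PROTO") == "UDP" and f.get("SPT") == "53":
            counts[(src, src in known)] += 1
    return counts

if __name__ == "__main__":
    summary = dns_source_summary(SAMPLE_LOG, SAMPLE_RESOLV)
    for (src, known), n in sorted(summary.items()):
        print(f"{src:15}  packets={n}  in_resolv_conf={known}")
```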