[CLUG-tech] Ports 1026-1028/udp?
jspies at sun.ac.za
Wed Dec 12 11:11:24 SAST 2007
On Tue, Dec 11, 2007 at 10:42:37AM +0200, Neil Blakey-Milner wrote:
> On 12/11/07, Johann Spies <jspies at sun.ac.za> wrote:
> > On my mailservers I find the following report by fwanalog (the IP Address
> > being the external interface of the mail server):
> > 621: 99.20%: 306.92: Dec/10/07 11:58 PM: 220.127.116.11/udp
> > 221: 35.30%: 107.56: Dec/10/07 11:58 PM: 18.104.22.168:1026/udp
> > 197: 31.47%: 98.50: Dec/10/07 11:58 PM: 22.214.171.124:1027/udp
> > 197: 31.47%: 98.50: Dec/10/07 11:58 PM: 126.96.36.199:1028/udp
> > 6: 0.96%: 2.37: Dec/10/07 3:47 PM: 188.8.131.52:ms-sql-m (1434)/udp
> > So far I could not find out what is causing this traffic.
> > I am running exim, spamassassin (with razor de-activated at this moment),
> > clamav and postgresql on the servers.
> > Any idea on what it is?
> DNS, probably. The local port when talking to port 53 on name servers.
Why would IP-tables (Shorewall) drop the traffic when I have allowed
udp port 53 from the server to the internet?
Johann Spies Telefoon: 021-808 4036
Informasietegnologie, Universiteit van Stellenbosch
"Be of good courage, and he shall strengthen your
heart, all ye that hope in the LORD."
More information about the clug-tech