  #1  
Old 03-08-2011
Member
 
Join Date: Jun 2011
Posts: 84
Large amount of UDP packets on Network

Each day I receive about 12 e-mails from my firewall at work, full of logs. There are plenty of denied / dropped packets, LAN -> WAN. I have run Nmap and Wireshark and am unable to figure out what process is generating the packets. A netstat -bap UDP reveals a set of open connections on non-standard (e.g. port 40000) ports that are linked to [Dns.exe]. I have no idea what the DNS process is trying to do, or whether it is related to this at all. There are about 150 packets of this kind that hit the firewall over 10 minutes. I wonder what is causing it and how to stop it.
Reply With Quote
  #2  
Old 03-08-2011
Member
 
Join Date: Jun 2009
Posts: 1,205
Re: Large amount of UDP packets on Network

The domain controllers run their own DNS for name resolution and they are trying to talk to the root hints or any forwarders (not used) you may have set up. Actually, it all depends on how the DNS servers are configured, but it could very well be normal. Port 53 is indeed DNS for both TCP and UDP; it will try UDP first and then move on to TCP if unsuccessful. So the packets are actually intended for the WAN side and not my gateway, right, as it seeks a higher order
Reply With Quote
  #3  
Old 03-08-2011
Member
 
Join Date: May 2008
Posts: 1,304
Re: Large amount of UDP packets on Network

A netstat -bap UDP reveals a lot of open connections on non-standard (e.g. port 40000) ports that are linked to [Dns.exe]. I have no idea what the DNS process is trying to do, or whether it is related to this at all. There are about 150 packets of this kind that hit the firewall over 10 minutes. I wonder what is causing it and how to stop it. There is no possibility of viruses or malicious applications attempting to call home. I am not able to provide the Wireshark packet capture.
Reply With Quote
  #4  
Old 03-08-2011
Member
 
Join Date: Nov 2008
Posts: 1,066
Re: Large amount of UDP packets on Network

Well, on this particular network, we are using both forwarders and root hints, because there is no risk of being poisoned. However, for a public-facing one, I can absolutely understand what you are saying. So there are no entries in the DNS event log, just a lot of firewall logs of packets that are being dropped. DNS seems to work for both WAN / LAN side communication, though it could be via TCP and the extra work involved.
Reply With Quote
  #5  
Old 03-08-2011
Member
 
Join Date: Nov 2008
Posts: 1,001
Re: Large amount of UDP packets on Network

The AD servers are configured to go to it and the secondary AD server for all DNS requests. Forwarders and the root hints are, of course, all on the WAN side. That's why I'm confused. All this traffic is hitting my gateway firewall, but I do not know what will be the gateway in the first place for name resolution. If my firewall ACL is configured:
  1. Domain Controllers, DNS -> Gateway = Allow
    or
  2. Domain Controllers, DNS -> WAN = Allow
    or
  3. Domain Controllers, DNS -> * = Allow
    The reverse (*DNS -> Domain Controllers = Allow), but my existing rules are set to option A.
Reply With Quote
  #6  
Old 03-08-2011
Member
 
Join Date: Mar 2009
Posts: 1,221
Re: Large amount of UDP packets on Network

If I understand correctly, you have warning UDP LAN -> firewall messages of confidence? If that means that somewhere for some reason, something is configured to ask the DNS gateway (firewall: trust is often the gateway, at least for the segment is inches) unless you are using something like OpenDNS filtering, you really should not have forwarders (except for some very strict reasons, such as the resolution of internal non-public domain names).
Reply With Quote
  #7  
Old 03-08-2011
Member
 
Join Date: Jul 2009
Posts: 1,174
Re: Large amount of UDP packets on Network

I customized the access rules and nothing worked. But since I do not use DHCP to push DNS to my clients, I figured I could have the two domain controllers in the network settings on the firewall. When I did this, all traffic stopped, but the firewall is unable to resolve the names in the log files and cannot determine the name of the mail server to send reports to me. Unfortunately, it still reports that it is dropping UDP packets from the domain controllers for the Firewall / Gateway.
Reply With Quote
All times are GMT +5.5. The time now is 04:19 AM.