 |
|
I am receiving packets at my firewall from ns1.ip-plus.net with source port number 53. What is your server doing?
|
|
The packets are DNS reply packets to DNS queries that were sent from within your address range. Since these are UDP packets, it is relatively complex for a firewall to detect these.
To prevent such false alarms from your firewall, you should increase the timeout setting for UDP connections on your firewall to at least 120 seconds, preferably to 300 seconds.
|
| |
|
I am getting port scans from one of your systems. What is happening here?
|
Generally speaking, it is very unlikely that this is happening. There is logical explanation for the log entries produced by your firewall. To investigate this problem, we ask you to send us a copy of your firewall log. The log must contain the following information for each connection:
- Time (Date, Hours, Minutes, Seconds)
- Source port & IP address
- Destination port & IP address
- If possible any other related information you can provide.
Please do not send us screenshots of your firewall log. Instead, export the log information to a text file and send us the file.
|
|
