LinuxQuestions.org


graystarr 02-22-2005 10:28 AM

My postfix box is sending UDP FLOODS!
 
I am getting this in my alerts from my firewall.

2005-02-22 08:43:33 alert UDP Flood, From 192.168.4.21/35507 to 192.168.3.4/53, using protocol UDP (on zone Trust,interface ethernet1) occurred 1 times

This is a RH 9 box running Postfix. Can someone please help me with this?

The RH 9 box is the 192.168.4.21 and I am not sure where the 3.4 is coming from, as we no longer use that subnet.

TIA,

graystarr

Capt_Caveman 02-22-2005 07:19 PM

First, since you're using RH 9, is your system currently patched, as Red Hat stopped supporting it almost a year ago?

Second, is there any reason why this machine would be doing DNS lookups at the address (was the .3.4 host a secondary DNS server or something similar)?

Third, can you post a capture of packets from this machine? From another system on the network use tcpdump -X dst port 53 and host 192.168.4.21.
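
Added example, not part of either post above: a small parser for firewall alert lines in the format graystarr quoted, which totals events per source/destination/port and marks destinations that fall in a subnet no longer in use. The /24 mask for the retired subnet, the function names, and every sample line after the first are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Matches the alert format quoted in the thread.
ALERT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) alert (?P<kind>[^,]+), "
    r"From (?P<src>[\d.]+)/(?P<sport>\d+) to (?P<dst>[\d.]+)/(?P<dport>\d+), "
    r"using protocol (?P<proto>\w+) "
    r"\(on zone (?P<zone>[^,]+),\s*interface (?P<iface>[^)]+)\) "
    r"occurred (?P<count>\d+) times$"
)

# Assumption: the unused "3.4" subnet is a /24; the thread does not give the mask.
RETIRED_NETS = [ipaddress.ip_network("192.168.3.0/24")]

# First line is the alert from the thread; the others are constructed samples.
SAMPLE = """\
2005-02-22 08:43:33 alert UDP Flood, From 192.168.4.21/35507 to 192.168.3.4/53, using protocol UDP (on zone Trust,interface ethernet1) occurred 1 times
2005-02-22 08:44:10 alert UDP Flood, From 192.168.4.21/35512 to 192.168.3.4/53, using protocol UDP (on zone Trust,interface ethernet1) occurred 3 times
2005-02-22 08:45:02 alert UDP Flood, From 192.168.4.30/40001 to 192.168.4.1/123, using protocol UDP (on zone Trust,interface ethernet1) occurred 1 times
not an alert line
"""

def parse_alert(line):
    """Return the alert fields as a dict, or None if the line is not an alert."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "count"):
        rec[key] = int(rec[key])
    return rec

def summarize(lines, retired_nets=RETIRED_NETS):
    """Group alerts by (src, dst, dst port, protocol) and flag retired destinations."""
    flows = defaultdict(lambda: {"events": 0, "src_ports": set(), "retired_dst": False})
    for line in lines:
        rec = parse_alert(line)
        if rec is None:
            continue  # skip anything that is not in the alert format
        flow = flows[(rec["src"], rec["dst"], rec["dport"], rec["proto"])]
        flow["events"] += rec["count"]
        flow["src_ports"].add(rec["sport"])
        dst = ipaddress.ip_address(rec["dst"])
        flow["retired_dst"] = any(dst in net for net in retired_nets)
    return dict(flows)

if __name__ == "__main__":
    for (src, dst, dport, proto), f in sorted(summarize(SAMPLE.splitlines()).items()):
        note = "  <- destination in retired subnet" if f["retired_dst"] else ""
        print(f"{src} -> {dst}:{dport}/{proto} events={f['events']}{note}")
```

A flow whose destination is port 53 on a retired subnet is the pattern the second question in the reply above is probing for.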


All times are GMT -5.