My postfix box is sending UDP FLOODS!
I am getting this in my alerts from my firewall.
2005-02-22 08:43:33 alert UDP Flood, From 192.168.4.21/35507 to 192.168.3.4/53, using protocol UDP (on zone Trust,interface ethernet1) occurred 1 times

This is a RH 9 box running Postfix. Can someone please help me with this? The RH 9 box is the 192.168.4.21, and I'm not sure where the 3.4 is coming from, as we no longer use that subnet.

TIA, graystarr
First, since you're using RH 9, is your system currently patched, as Red Hat stopped supporting it almost a year ago?

Second, is there any reason why this machine would be doing DNS lookups at the address (was the .3.4 host a secondary DNS server or something similar)?

Third, can you post a capture of packets from this machine? From another system on the network, use:

tcpdump -X dst port 53 and host 192.168.4.21
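As an added example (not part of the thread and not code from either poster): a short Python script that parses firewall alerts in the layout quoted above, totals them per source and destination, and flags DNS traffic sent to an address that is not a current resolver. Only the first sample line comes from the thread; the other sample lines, the `KNOWN_RESOLVERS` value and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Matches the alert layout quoted in the thread.
ALERT_RE = re.compile(
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) alert UDP Flood, "
    r"From (?P<src>[\d.]+)/(?P<sport>\d+) to (?P<dst>[\d.]+)/(?P<dport>\d+), "
    r"using protocol UDP \(on zone (?P<zone>\w+),\s*interface (?P<iface>\w+)\) "
    r"occurred (?P<count>\d+) times"
)

# Assumption: the resolvers this network currently uses (constructed value).
KNOWN_RESOLVERS = {"192.168.4.1"}

SAMPLE_ALERTS = [
    # From the thread:
    "2005-02-22 08:43:33 alert UDP Flood, From 192.168.4.21/35507 to 192.168.3.4/53, "
    "using protocol UDP (on zone Trust,interface ethernet1) occurred 1 times",
    # Constructed for illustration:
    "2005-02-22 08:43:35 alert UDP Flood, From 192.168.4.21/35508 to 192.168.3.4/53, "
    "using protocol UDP (on zone Trust,interface ethernet1) occurred 3 times",
    "2005-02-22 08:44:01 alert UDP Flood, From 192.168.4.21/35600 to 192.168.4.1/53, "
    "using protocol UDP (on zone Trust,interface ethernet1) occurred 2 times",
]

def summarize(lines, known_resolvers):
    """Total alert occurrences per (src, dst, dport), busiest first.

    A port-53 destination that is not a known resolver is marked as a
    possible stale DNS setting on the sending host.
    """
    totals = Counter()
    for line in lines:
        m = ALERT_RE.search(line)
        if not m:
            continue  # skip lines in other formats
        totals[(m["src"], m["dst"], int(m["dport"]))] += int(m["count"])
    return [
        {"src": src, "dst": dst, "dport": dport, "alerts": n,
         "stale_resolver": dport == 53 and dst not in known_resolvers}
        for (src, dst, dport), n in totals.most_common()
    ]

if __name__ == "__main__":
    for row in summarize(SAMPLE_ALERTS, KNOWN_RESOLVERS):
        print(row)
```

A row with `stale_resolver` set is a cue to check the DNS settings on the source host (for example `/etc/resolv.conf`) before treating the alert as hostile traffic.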