From: Ernie Luzar
Date: Thu, 19 Mar 2015 11:26:58 -0400
To: Olivier Nicole
Cc: freebsd-questions@freebsd.org
Subject: Re: public network traffic to my ip address port 53
Message-ID: <550AEAC2.8040000@gmail.com>

Olivier Nicole wrote:
> Ernie,
>
>> In my firewall log I see thousands of UDP packets from IP addresses all
>> over the world trying to access my FreeBSD gateway server on port 53.
>> Right now I am blocking them and see no negative effects.
>> Is there any valid reason to allow these unsolicited inbound packets
>> access to my system on port 53?
>
> You know port 53 is DNS?
>
> Maybe your IP was previously used by a DNS server.
>
> If you block port 53, you may consider leaving it open enough to be able
> to solve your own DNS requests.
>
> Olivier

I have been running this home server for 15 years and have never had a
DNS server. Last time I scrutinized my firewall log was 2 plus years ago,
and I did not have all this unsolicited inbound DNS traffic. To me it
looks like a search for DoS targets. To my knowledge DNS servers DON'T
roll through public IP address ranges looking for other DNS servers.

So I ask the question again: "Is there any valid reason to allow these
unsolicited inbound packets access to my system on port 53?"