Hello

We observed unusual traffic combining ICMP and UDP packets while running the tcpdump command on the DNS caching server.

Kindly note that only UDP DNS traffic is allowed on this server (ICMP is not allowed from outside to the DNS server).

Any help regarding this issue? Why are we getting ICMP and UDP requests? Could it be an attack?

Logs:

    # tcpdump -n icmp
    15:41:05.054237 IP 10.151.130.74 > DNSIP: ICMP 10.151.130.74 udp port 52003 unreachable, length 52
    15:41:05.064449 IP 10.75.6.36 > DNSIP: ICMP 10.75.6.36 udp port 50162 unreachable, length 52
    15:41:05.067953 IP 10.33.10.155 > DNSIP: ICMP 10.33.10.155 udp port 50233 unreachable, length 52
    15:41:05.067958 IP 10.75.15.162 > DNSIP: ICMP 10.75.15.162 udp port 53847 unreachable, length 52
    15:41:05.072727 IP 10.33.12.219 > DNSIP: ICMP 10.33.12.219 udp port 51024 unreachable, length 52
    ..

Example:
    10.151.130.74 (client source IP)
    DNSIP: DNS server IP

Regards
Daniel
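A triage helper for the capture quoted in the message above, added here as an example and not part of the original post: it parses `tcpdump -n icmp` port-unreachable lines and tallies them by sender, by second and by port class. The names `parse`, `summarize` and `ephemeral_min` are hypothetical, and the sample input is the five lines from the post with the poster's `DNSIP` placeholder kept.

```python
import re
from collections import Counter

# The five lines quoted in the post; "DNSIP" is the poster's placeholder.
SAMPLE = """\
15:41:05.054237 IP 10.151.130.74 > DNSIP: ICMP 10.151.130.74 udp port 52003 unreachable, length 52
15:41:05.064449 IP 10.75.6.36 > DNSIP: ICMP 10.75.6.36 udp port 50162 unreachable, length 52
15:41:05.067953 IP 10.33.10.155 > DNSIP: ICMP 10.33.10.155 udp port 50233 unreachable, length 52
15:41:05.067958 IP 10.75.15.162 > DNSIP: ICMP 10.75.15.162 udp port 53847 unreachable, length 52
15:41:05.072727 IP 10.33.12.219 > DNSIP: ICMP 10.33.12.219 udp port 51024 unreachable, length 52
..
"""

# tcpdump text form of ICMP type 3 code 3: "<host> udp port <n> unreachable".
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2})\.\d+ IP (?P<src>\S+) > (?P<dst>\S+): "
    r"ICMP (?P<host>\S+) (?P<proto>udp|tcp) port (?P<port>\d+) "
    r"unreachable, length (?P<len>\d+)$"
)

def parse(text):
    """Yield one dict per port-unreachable line; skip anything else."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["port"] = int(rec["port"])
            yield rec

def summarize(text, ephemeral_min=49152):
    """Tally unreachables by sender, by second and by port class.

    ephemeral_min defaults to the start of the IANA dynamic port range;
    it is a tunable assumption, since operating systems differ.
    """
    recs = list(parse(text))
    ports = [r["port"] for r in recs]
    return {
        "total": len(recs),
        "by_sender": Counter(r["src"] for r in recs),
        "by_second": Counter(r["ts"] for r in recs),
        "port_range": (min(ports), max(ports)) if ports else None,
        "ephemeral": sum(p >= ephemeral_min for p in ports),
        # ICMP sender differs from the host named as unreachable
        "mismatched": sum(r["src"] != r["host"] for r in recs),
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

Run over a longer capture, the per-second and per-sender counts show whether the messages are a steady trickle from many clients or a burst concentrated on a few.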