
port 53

denvermtn
Level 1

Why do I get UDP sessions built to port 53 telnet? We regularly get syslog messages that indicate people inside the firewall are having telnet sessions to the outside. Here is a sample debug message.

built udp connection for faddr a.a.a.a/23 gaddr b.b.b.b/34746 laddr c.c.c.c/1617

a.a.a.a is the next hop address. b.b.b.b is the global address we advertise. c.c.c.c is the internal address.

When I check, this activity is just internet surfing to common sites.

We are running Webtrends software to analyze our debug messages on a 515 firewall. Global translation to PAT is used (b.b.b.b).

1 Reply

mike-banks
Level 1

Port 53 is used for DNS requests, so if someone is surfing the internet you will see UDP requests to port 53.
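
An added example, not part of the original thread or of any vendor tooling: a small parser for the message layout shown in the sample above that labels each session by protocol and foreign port together, so UDP sessions to port 53 are counted as DNS. The service table, function names and sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Layout taken from the sample message on this page. Real devices may add a
# prefix (timestamp, message id), so the pattern searches instead of anchoring.
BUILT_RE = re.compile(
    r"built\s+(?P<proto>udp|tcp)\s+connection\s+for\s+"
    r"faddr\s+(?P<faddr>\S+?)/(?P<fport>\d+)\s+"
    r"gaddr\s+(?P<gaddr>\S+?)/(?P<gport>\d+)\s+"
    r"laddr\s+(?P<laddr>\S+?)/(?P<lport>\d+)",
    re.IGNORECASE,
)

# Assumed lookup table, keyed on (protocol, foreign port) rather than port
# alone: telnet is a TCP service, DNS queries normally use UDP.
SERVICES = {("udp", 53): "dns", ("tcp", 53): "dns", ("tcp", 23): "telnet",
            ("tcp", 80): "http", ("tcp", 443): "https"}

def parse_built(line):
    """Return a dict for a 'built ... connection' line, or None if no match."""
    m = BUILT_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["proto"] = rec["proto"].lower()
    for key in ("fport", "gport", "lport"):
        rec[key] = int(rec[key])
    rec["service"] = SERVICES.get((rec["proto"], rec["fport"]), "unknown")
    return rec

def summarize(lines):
    """Count sessions per (inside host, service), skipping unparseable lines."""
    counts = Counter()
    for line in lines:
        rec = parse_built(line)
        if rec:
            counts[(rec["laddr"], rec["service"])] += 1
    return counts

# Constructed sample lines using documentation addresses (not from the post).
SAMPLE = [
    "built udp connection for faddr 192.0.2.53/53 gaddr 198.51.100.1/34746 laddr 10.0.0.5/1617",
    "built udp connection for faddr 192.0.2.53/53 gaddr 198.51.100.1/34747 laddr 10.0.0.5/1618",
    "built tcp connection for faddr 192.0.2.80/80 gaddr 198.51.100.1/34748 laddr 10.0.0.5/1619",
    "built udp connection for faddr 192.0.2.9/23 gaddr 198.51.100.1/34749 laddr 10.0.0.7/1620",
    "some other syslog message that is not a connection record",
]

if __name__ == "__main__":
    for (host, service), n in sorted(summarize(SAMPLE).items()):
        print(f"{host:12} {service:8} {n}")
```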