cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
688
Views
0
Helpful
1
Replies

port 53

denvermtn
Level 1
Level 1

Why do I get udp sessions built to port 53 telnet. We regularly get Syslog messages that indicate people inside the firewall are having telnet sessions to the outside. Here is a sample debug message.

built udp connection for faddr a.a.a.a/23 gaddr b.b.b.b/34746 laddr c.c.c.c/1617

a.a.a.a is the next hop address. b.b.b.b is the global address we advertise. c.c.c.c is the internal address.

When I check, this activity is just internet surfing to common sites.

We are running Webtrends software to analyze our debug messages on a 515 firewall. Global translation to pat is used (b.b.b.b).

1 Reply 1

mike-banks
Level 1
Level 1

Port 53 is used for DNS request. So if someone is surfing the internet you will see udp request to port 53.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: