Koozali.org: home of the SME Server

Obsolete Releases => SME Server 7.x => Topic started by: lucho115 on August 07, 2006, 05:30:31 PM

Title: sme7 server behind ipcop makes a lot of unknown out connections
Post by: lucho115 on August 07, 2006, 05:30:31 PM
The sme7 server behind ipcop tries to connect to many internet addresses like:

207.234.248.200    dest port 53

to port 53 (domain); the IP is random, and the out port too, like 27344, 48099, etc...

What does that mean? Do I have a rootkit or a trojan, or what?

thks

bye
Title: sme7 server behind ipcop makes a lot of unknown out connections
Post by: Franco on August 07, 2006, 10:18:21 PM
SME has its own DNS and it's working.
Title: sme7 server behind ipcop makes a lot of unknown out connections
Post by: lucho115 on August 08, 2006, 01:48:18 PM
Working? Doing what? I have no domain name pointing to the server; it is an internal server that also works as a mail backup for another sme server, which is a mail server directly connected to the internet without a second firewall.
So, is it OK? Can I deactivate this?
thks
Title: sme7 server behind ipcop makes a lot of unknown out connections
Post by: mmccarn on August 08, 2006, 02:20:50 PM
By default, tinydns queries the root DNS servers to find the actual DNS server for each domain before doing a query - hence the apparent randomness of the targets.

Each IP conversation is started using a randomly generated local source port number - hence the randomness of the source port. (This is normal behavior for TCP/IP)

There are several scheduled processes that do DNS lookups.  For example, SME searches for available yum updates periodically and freshclam runs frequently to search for AV definition updates.

If your SME is set up as server/gateway then everyone behind the sme will of course generate traffic (including DNS) off-site.

If your SME is running DHCP and handing out IP addresses, then any workstations with dynamic IP addresses will be using the SME for DNS lookups, causing apparently random DNS traffic.

You can prevent the SME from doing its own direct DNS queries by configuring a "corporate dns server" (server-manager/domains/modify corporate dns settings).  You can put a local server address here if you need your SME to get customized dns information, or you can point to your ISP's dns servers if you just want to have a predictable target or 2 for all DNS traffic.
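
One way to check the explanation in the last reply against the firewall's own log, as an added example that is not part of the original thread: it summarises outbound flows from the SME server by protocol and destination port and lists only those the reply does not account for. The log lines are constructed in netfilter LOG format, and the server address 192.168.1.10, the `triage` function and the expected-port list are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in netfilter LOG format (what an iptables-based
# firewall writes). 192.168.1.10 stands in for the SME server (assumption).
SAMPLE_LOG = """\
Aug  7 17:30:31 ipcop kernel: IN=eth0 OUT=eth1 SRC=192.168.1.10 DST=207.234.248.200 LEN=71 TTL=63 PROTO=UDP SPT=27344 DPT=53 LEN=51
Aug  7 17:30:32 ipcop kernel: IN=eth0 OUT=eth1 SRC=192.168.1.10 DST=198.51.100.4 LEN=68 TTL=63 PROTO=UDP SPT=48099 DPT=53 LEN=48
Aug  7 17:31:02 ipcop kernel: IN=eth0 OUT=eth1 SRC=192.168.1.10 DST=192.0.2.80 LEN=60 TTL=63 PROTO=TCP SPT=39012 DPT=80 WINDOW=5840 SYN
Aug  7 17:31:40 ipcop kernel: IN=eth0 OUT=eth1 SRC=192.168.1.10 DST=203.0.113.9 LEN=60 TTL=63 PROTO=TCP SPT=1022 DPT=6667 WINDOW=5840 SYN
Aug  7 17:32:05 ipcop kernel: IN=eth0 OUT=eth1 SRC=192.168.1.77 DST=198.51.100.4 LEN=68 TTL=63 PROTO=UDP SPT=50001 DPT=53 LEN=48
"""

FIELD = re.compile(r"\b(SRC|DST|PROTO|SPT|DPT)=(\S+)")

# Traffic the reply accounts for: DNS lookups, plus HTTP(S) downloads by
# yum and freshclam (the HTTP/HTTPS ports are an assumption of this example).
EXPECTED = {("UDP", 53), ("TCP", 53), ("TCP", 80), ("TCP", 443)}


def triage(log_text, server_ip, expected=EXPECTED):
    """Return (summary, dns_targets, unexpected) for flows sent by server_ip."""
    summary, dns_targets, unexpected = Counter(), set(), []
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        # Skip other hosts and entries without ports (e.g. ICMP).
        if f.get("SRC") != server_ip or "DPT" not in f:
            continue
        key = (f["PROTO"], int(f["DPT"]))
        summary[key] += 1
        if key[1] == 53:
            # Many distinct targets are normal for a resolver that walks
            # the DNS hierarchy itself, so they are counted, not flagged.
            dns_targets.add(f["DST"])
        if key not in expected:
            # The source port is reported but never used as a signal:
            # ephemeral source ports are random by design.
            unexpected.append((f["DST"], f["PROTO"], key[1], int(f["SPT"])))
    return summary, dns_targets, unexpected


if __name__ == "__main__":
    summary, dns_targets, unexpected = triage(SAMPLE_LOG, "192.168.1.10")
    for (proto, port), n in sorted(summary.items()):
        print(f"{proto}/{port}: {n} flow(s)")
    print("distinct DNS targets:", len(dns_targets))
    print("needs a closer look:", unexpected)
```

After a corporate DNS server is configured as described in the last reply, the set of DNS targets should shrink to the configured forwarders, which makes anything else on port 53 easy to spot.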