Re: Has my fedora 18 installation been hacked?

First, whois 216.82.176.7

216.82.176.7 belongs to a bank in the US https://www.53.com/

I don't know if it's a real bank or what?

$ whois 216.82.176.7

The last part of your ISP's message is interesting because it says:
"packet length 1400 bytes exceeds configured limit of 512 bytes"

So something is sending excessively large UDP packets to the bank via port 53.

This may just be DNSSEC EDNS0 protocol which is being blocked by your ISP's firewall.

But in this case, 53.com does not support DNSSEC (never just a bank!)

It would be good if you could ask your ISP for a packet capture (say in pcap format) which you could analyze offline.


Al.

On 03/15/2013 09:05 AM, Georgios Petasis wrote:
Hi all,

I have a small server that I have recently upgraded to fedora 18. After
a while, I got notified by
the provider that their firewall catches thousands of requests, with the
following error message:

*Source IP*: ellogon-SKEL
*Source Port*: 35442
*Destination IP*: 216.82.176.7
*Destination Port*: 53
*Description*: Dropped UDP DNS request from dmz:ellogon-SKEL/35442 to
outside:216.82.176.7/53; packet length 1400 bytes exceeds configured
limit of 512 bytes

I have verified all packages (with rpm -Va), and didn't see anything
strange.

It is strange that the machine is trying to contact a server in USA,
isn't it?

Is there anything else to do, than re-installing the machine?

(Unfortunately, due to the huge load it creates to their firewall, they
remove the network cord from the server, so I have a few hours to debug
this...)

George


--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
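
A triage helper for the offline capture analysis suggested in the reply above, added here as an example and not part of the original thread: it classifies one UDP/53 payload as a normal query, a well-formed query over the 512-byte limit, or something that does not parse as DNS at all, and reports any EDNS0 size it advertises. The function names and sample payloads are constructed for illustration, and it assumes the UDP payload bytes have already been extracted from the pcap.

```python
import struct

DNS_LIMIT = 512  # classic DNS-over-UDP size limit quoted in the firewall message

def skip_name(buf, off):
    """Return the offset just past a DNS name (labels or compression pointer)."""
    while True:
        n = buf[off]
        if n & 0xC0 == 0xC0:          # 2-byte compression pointer ends the name
            return off + 2
        off += 1 + n
        if n == 0:                    # root label ends the name
            return off

def inspect_dns(payload):
    """Classify one UDP/53 payload; returns (verdict, advertised EDNS0 size or None)."""
    edns = None
    try:
        _id, flags, qd, an, ns, ar = struct.unpack("!6H", payload[:12])
        off = 12
        for _ in range(qd):
            off = skip_name(payload, off) + 4      # QTYPE + QCLASS follow the name
        for _ in range(an + ns + ar):
            off = skip_name(payload, off)
            rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", payload[off:off + 10])
            off += 10 + rdlen
            if rtype == 41:                        # OPT record: CLASS holds the UDP
                edns = rclass                      # size the sender will accept back
        if off != len(payload):
            raise ValueError("trailing or truncated data")
    except (struct.error, IndexError, ValueError):
        return "not-dns", None                     # port 53, but not a DNS message
    is_query = not flags & 0x8000                  # QR bit clear = query
    if is_query and len(payload) > DNS_LIMIT:
        return "oversized-query", edns             # OPT size is for the reply
    return "ok", edns

# Constructed sample payloads (not taken from the thread's capture).
Q = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 1) + b"\x07example\x03com\x00" \
    + struct.pack("!HH", 1, 1)
def opt(rdata=b""):
    return b"\x00" + struct.pack("!HHIH", 41, 4096, 0, len(rdata)) + rdata
SAMPLES = {"edns0 query": Q + opt(),
           "padded query": Q + opt(struct.pack("!HH", 12, 1356) + bytes(1356)),
           "junk": b"A" * 1400}

if __name__ == "__main__":
    for name, p in SAMPLES.items():
        print(f"{name:13} {len(p):5} bytes -> {inspect_dns(p)}")
```
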

