Still seeing packets
Tue, 23 Oct 2001 21:11:29 -0400
That, my friend is a harmless DNS lookup. as in nslookup www.yahoo.com =
<the ip address>.
----- Original Message -----
From: "Patrick Nelson" <firstname.lastname@example.org>
To: "Netfilter List (E-mail)" <email@example.com>
Sent: Tuesday, October 23, 2001 4:08 PM
Subject: Still seeing packets
> So I have rules to block ports 137 and 138 udp on the output of the
> interface. Which seems to have taken care of most of the smb nmb traffic.
> I have noticed (using tcpdump -i <external interface>) that when someone
> starts Outlook2K I see a packet go out the external interface of the
> firewall that looks like:
> fwsys1.61367 > ns1.domain: 1+ A? WASH.WOODS. (35)
> ns1.domain > fwssy1.61367: 1 NXDomain* 0/1/0 (110)
> What is this or better how can I stop it?