Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CSA issue with firewall rule

I created a rule in CSA 6.0 that, by default, blocks any application on any machine being connected as a server.  On a DC we made an exception for the server to be connected on UDP 53 for DNS.  However, we are seeing the following messages below.  The port ranges from, so far, 30,000-65,000.  It seems odd that dns.exe would be accepting a connection as a server on all of those ports.  Has anyone seen this before or had this happen to them or is this normal?  Also, it is running OpenDNS.

Thanks,

Jay

Audit: The process 'C:\WINDOWS\system32\dns.exe' (as user NT AUTHORITY\SYSTEM) attempted to accept a connection as a server on UDP port 61660 from 208.67.220.220 using interface Wired\HP NC7761 Gigabit Server Adapter. The operation would have been denied.

2 REPLIES

Re: CSA issue with firewall rule

You are behind a hardware/appliance firewall right ? if so, that port should not be open, which tells me that this is an accept of a udp reply from opendns on a request the server made, and not an actual request from opendns to your server, cause all dns traffic works on port 53 tcp/udp as destination port.

Re: CSA issue with firewall rule

oh, and you could do a specific rule for the opendns addresses where this is allowed.

324
Views
0
Helpful
2
Replies