Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

port 53

Why do I get udp sessions built to port 53 telnet. We regularly get Syslog messages that indicate people inside the firewall are having telnet sessions to the outside. Here is a sample debug message.

built udp connection for faddr a.a.a.a/23 gaddr b.b.b.b/34746 laddr c.c.c.c/1617

a.a.a.a is the next hop address. b.b.b.b is the global address we advertise. c.c.c.c is the internal address.

When I check, this activity is just internet surfing to common sites.

We are running Webtrends software to analyze our debug messages on a 515 firewall. Global translation to pat is used (b.b.b.b).

1 REPLY
New Member

Re: port 53

Port 53 is used for DNS request. So if someone is surfing the internet you will see udp request to port 53.

293
Views
0
Helpful
1
Replies