Strange firewall logs

dns

#1

Good day,
I have reports in my firewall about port scans and UDP floods in connection with the CF DNS address, and connection problems. Take a look at the attachment. My location is Serbia, Belgrade, ISP - SBB.
I have reverted my DNS config in the router to default (SBB), and changed it in my adapter to 1.1.1.1, 1.0.0.1; still getting strange logs.


#2

I’m no Infosec expert, but to me, those look like regular DNS queries with responses coming back on non-privileged ports.


#3

What’s the firewall vendor?
What does 192.168.0.15 usually do?
Is it a “normal” client?

The source (1.1.1.1) could be forged.
But since 0.15 is broadcasting NetBIOS and your firewall detects it as a flood, I am not really sure atm :thinking:
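
The distinction raised in replies #2 and #3 (ordinary DNS responses arriving on high ports versus packets whose resolver source address may be forged) can be checked by matching each inbound packet from port 53 against a query the client actually sent. This is an added example, not part of the thread: the packet tuples are constructed because the attached log is not on the page, and the 5-second window and the /24 LAN are assumptions.

```python
from collections import namedtuple

# Constructed packet record; a real firewall export must be mapped to these fields.
Packet = namedtuple("Packet", "ts src sport dst dport")

REPLY_WINDOW = 5.0  # assumption: seconds a DNS query is considered outstanding


def classify(packets, lan_prefix="192.168.0."):
    """Label UDP packets so solicited DNS replies are separated from the rest."""
    pending = {}  # (client, client_port, resolver) -> time the query left
    labels = []
    for p in packets:
        outbound = p.src.startswith(lan_prefix)
        if outbound and p.dst == lan_prefix + "255":
            # LAN broadcast (e.g. NetBIOS name service on 137); /24 assumed.
            labels.append("lan-broadcast")
        elif outbound and p.dport == 53:
            pending[(p.src, p.sport, p.dst)] = p.ts
            labels.append("query")
        elif not outbound and p.sport == 53:
            # A genuine reply mirrors the query's address/port pair exactly.
            sent = pending.pop((p.dst, p.dport, p.src), None)
            if sent is not None and p.ts - sent <= REPLY_WINDOW:
                labels.append("solicited-reply")
            else:
                # No matching query, or too late: spoofed source or stale reply.
                labels.append("unsolicited")
        else:
            labels.append("other")
    return labels


# Constructed sample traffic for the client and resolvers named in the thread.
SAMPLE = [
    Packet(0.00, "192.168.0.15", 51514, "1.1.1.1", 53),
    Packet(0.02, "1.1.1.1", 53, "192.168.0.15", 51514),
    Packet(0.50, "192.168.0.15", 137, "192.168.0.255", 137),
    Packet(1.00, "1.1.1.1", 53, "192.168.0.15", 40000),
    Packet(2.00, "192.168.0.15", 51600, "1.0.0.1", 53),
    Packet(9.50, "1.0.0.1", 53, "192.168.0.15", 51600),
]

if __name__ == "__main__":
    for pkt, label in zip(SAMPLE, classify(SAMPLE)):
        print(f"{pkt.ts:5.2f} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}  {label}")
```

If nearly every flagged entry comes out as `solicited-reply`, the firewall is most likely alerting on normal resolver traffic; a high share of `unsolicited` entries is what would warrant a closer look.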


#4

I have restored the DNS servers in the router to my ISP default; the problem still persists. It’s probably a router firmware error. I will try to fix it by upgrading.

