Hello everyone,
I have recently received access to our firewall. I had to open up ports for remote access. After locking down most ports and whitelisting the correct IP address everything seems to be running smoothly. Except for the fact that 4.2.2.2 ( a well known Level3 DNS server) keeps hitting my firewall port 53 ( DNS port) every 5 seconds or so multiple times on lots of different high lvl ports 30000+ . Now I do not have access to our PBX server but we do not use 4.2.2.2 in our environment for DNS although I am not able to see the settings on the server so I cannot confirm. they are all UDP outbound connections. It just seems really excessive as 8.8.8.8 ( google dns) only hits once and a while. Is this normal or am I somehow getting hacked? DNS spoofing?
No comments:
Post a Comment