Any idea what this is?

Discussion in 'Cisco' started by Matt, May 3, 2004.

  1. Matt

    Matt Guest

    Does anyone have any idea what this traffic is? It all appears to be
    coming from (dns?) servers on AOL. In huge quantities.. Strangely.. if
    I block the offending port (1057) at the edge router.. then DNS entries
    that need to go outside our network break... what is port 1057? I can't
    find it listed in any DNS information... Any idea what to do about this?


    May 3 09:20:05 hydrogen May 03 2004 05:07:38: %PIX-4-106023: Deny udp
    src outside:205.188.157.243/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:05 hydrogen May 03 2004 05:07:38: %PIX-4-106023: Deny udp
    src outside:205.188.157.244/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:05 hydrogen May 03 2004 05:07:38: %PIX-4-106023: Deny udp
    src outside:205.188.157.242/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:05 hydrogen May 03 2004 05:07:38: %PIX-4-106023: Deny udp
    src outside:205.188.157.243/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:05 hydrogen May 03 2004 05:07:38: %PIX-4-106023: Deny udp
    src outside:205.188.157.244/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:05 hydrogen May 03 2004 05:07:38: %PIX-4-106023: Deny udp
    src outside:205.188.157.244/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:05 hydrogen May 03 2004 05:07:39: %PIX-4-106023: Deny udp
    src outside:205.188.157.243/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:05 hydrogen May 03 2004 05:07:39: %PIX-4-106023: Deny udp
    src outside:205.188.157.244/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:05 hydrogen last message repeated 3 times
    tail: /var/log/routers/hydrogen.log: file truncated
    May 3 09:20:05 hydrogen May 03 2004 05:07:39: %PIX-4-106023: Deny icmp
    src outside:66.79.161.51 dst dmz:63.174.244.1 (type 3, code 3) by
    access-group "acl_out"
    May 3 09:20:05 hydrogen May 03 2004 05:07:39: %PIX-4-106023: Deny udp
    src outside:205.188.157.241/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:05 hydrogen May 03 2004 05:07:39: %PIX-4-106023: Deny udp
    src outside:205.188.157.244/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:05 hydrogen May 03 2004 05:07:39: %PIX-4-106023: Deny tcp
    src outside:204.17.18.220/65454 dst dmz:63.174.244.8/25 by access-group
    "acl_out"
    May 3 09:20:05 hydrogen May 03 2004 05:07:39: %PIX-4-106023: Deny udp
    src outside:64.12.51.145/9052 dst dmz:63.174.244.1/1057 by access-group
    "acl_out"
    May 3 09:20:06 hydrogen May 03 2004 05:07:39: %PIX-4-106023: Deny udp
    src outside:152.163.159.220/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:06 hydrogen May 03 2004 05:07:39: %PIX-4-106023: Deny udp
    src outside:152.163.159.221/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:06 hydrogen May 03 2004 05:07:39: %PIX-4-106023: Deny udp
    src outside:205.188.157.244/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:06 hydrogen last message repeated 3 times
    May 3 09:20:06 hydrogen May 03 2004 05:07:39: %PIX-4-106023: Deny udp
    src outside:205.188.157.243/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:06 hydrogen May 03 2004 05:07:39: %PIX-4-106023: Deny udp
    src outside:205.188.157.242/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:06 hydrogen May 03 2004 05:07:39: %PIX-4-106023: Deny udp
    src outside:205.188.157.243/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:06 hydrogen May 03 2004 05:07:39: %PIX-4-106023: Deny udp
    src outside:205.188.157.242/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:06 hydrogen May 03 2004 05:07:39: %PIX-4-106023: Deny udp
    src outside:205.188.157.242/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:06 hydrogen May 03 2004 05:07:39: %PIX-4-106023: Deny udp
    src outside:205.188.157.244/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:06 hydrogen May 03 2004 05:07:39: %PIX-4-106023: Deny udp
    src outside:205.188.157.241/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:06 hydrogen May 03 2004 05:07:39: %PIX-4-106023: Deny udp
    src outside:205.188.157.243/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:06 hydrogen May 03 2004 05:07:39: %PIX-4-106023: Deny udp
    src outside:205.188.157.242/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:06 hydrogen May 03 2004 05:07:39: %PIX-4-106023: Deny udp
    src outside:205.188.157.242/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:06 hydrogen May 03 2004 05:07:39: %PIX-4-106023: Deny udp
    src outside:205.188.157.243/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:06 hydrogen May 03 2004 05:07:39: %PIX-4-106023: Deny udp
    src outside:205.188.157.242/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:06 hydrogen May 03 2004 05:07:39: %PIX-4-106023: Deny udp
    src outside:205.188.157.243/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:06 hydrogen May 03 2004 05:07:40: %PIX-4-106023: Deny udp
    src outside:205.188.157.241/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:06 hydrogen May 03 2004 05:07:40: %PIX-4-106023: Deny udp
    src outside:205.188.157.241/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:06 hydrogen May 03 2004 05:07:40: %PIX-4-106023: Deny udp
    src outside:205.188.157.242/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:06 hydrogen May 03 2004 05:07:40: %PIX-4-106023: Deny udp
    src outside:205.188.157.243/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:06 hydrogen May 03 2004 05:07:40: %PIX-4-106023: Deny udp
    src outside:205.188.157.243/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:06 hydrogen May 03 2004 05:07:40: %PIX-4-106023: Deny udp
    src outside:205.188.157.241/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:07 hydrogen May 03 2004 05:07:40: %PIX-4-106023: Deny udp
    src outside:205.188.157.241/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:07 hydrogen May 03 2004 05:07:40: %PIX-4-106023: Deny udp
    src outside:64.12.51.147/9052 dst dmz:63.174.244.1/1057 by access-group
    "acl_out"
    May 3 09:20:07 hydrogen May 03 2004 05:07:40: %PIX-4-106023: Deny udp
    src outside:205.188.157.243/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:07 hydrogen May 03 2004 05:07:40: %PIX-4-106023: Deny udp
    src outside:205.188.157.243/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:07 hydrogen May 03 2004 05:07:40: %PIX-4-106023: Deny udp
    src outside:205.188.157.244/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:07 hydrogen May 03 2004 05:07:40: %PIX-4-106023: Deny udp
    src outside:205.188.157.244/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:07 hydrogen May 03 2004 05:07:40: %PIX-4-106023: Deny udp
    src outside:205.188.157.243/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:07 hydrogen May 03 2004 05:07:40: %PIX-4-106023: Deny udp
    src outside:205.188.157.243/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:07 hydrogen May 03 2004 05:07:40: %PIX-4-106023: Deny udp
    src outside:205.188.157.244/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:07 hydrogen May 03 2004 05:07:40: %PIX-4-106023: Deny udp
    src outside:205.188.157.243/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:07 hydrogen May 03 2004 05:07:40: %PIX-4-106023: Deny udp
    src outside:205.188.157.242/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:07 hydrogen May 03 2004 05:07:40: %PIX-4-106023: Deny udp
    src outside:205.188.157.244/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:07 hydrogen May 03 2004 05:07:40: %PIX-4-106023: Deny udp
    src outside:205.188.157.243/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:07 hydrogen May 03 2004 05:07:40: %PIX-4-106023: Deny udp
    src outside:205.188.157.242/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:07 hydrogen May 03 2004 05:07:40: %PIX-4-106023: Deny udp
    src outside:205.188.157.241/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:07 hydrogen May 03 2004 05:07:40: %PIX-4-106023: Deny udp
    src outside:205.188.157.244/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:07 hydrogen May 03 2004 05:07:40: %PIX-4-106023: Deny udp
    src outside:205.188.157.241/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:07 hydrogen May 03 2004 05:07:40: %PIX-4-106023: Deny udp
    src outside:205.188.157.243/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:07 hydrogen May 03 2004 05:07:40: %PIX-4-106023: Deny udp
    src outside:205.188.157.244/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:07 hydrogen May 03 2004 05:07:40: %PIX-4-106023: Deny udp
    src outside:205.188.157.244/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:07 hydrogen May 03 2004 05:07:41: %PIX-4-106023: Deny udp
    src outside:205.188.157.241/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:07 hydrogen May 03 2004 05:07:41: %PIX-4-106023: Deny udp
    src outside:205.188.157.243/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:07 hydrogen last message repeated 2 times
    May 3 09:20:07 hydrogen May 03 2004 05:07:41: %PIX-4-106023: Deny udp
    src outside:205.188.157.244/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:08 hydrogen May 03 2004 05:07:41: %PIX-4-106023: Deny udp
    src outside:205.188.157.241/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:08 hydrogen May 03 2004 05:07:41: %PIX-4-106023: Deny udp
    src outside:205.188.157.244/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:08 hydrogen May 03 2004 05:07:41: %PIX-4-106023: Deny udp
    src outside:205.188.157.242/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:08 hydrogen May 03 2004 05:07:41: %PIX-4-106023: Deny udp
    src outside:149.174.211.3/9052 dst dmz:63.174.244.1/1057 by access-group
    "acl_out"
    May 3 09:20:08 hydrogen May 03 2004 05:07:41: %PIX-4-106023: Deny udp
    src outside:205.188.157.244/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:08 hydrogen May 03 2004 05:07:41: %PIX-4-106023: Deny udp
    src outside:152.163.159.222/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:08 hydrogen May 03 2004 05:07:41: %PIX-4-106023: Deny udp
    src outside:152.163.159.219/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:08 hydrogen May 03 2004 05:07:41: %PIX-4-106023: Deny udp
    src outside:152.163.159.221/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:08 hydrogen May 03 2004 05:07:41: %PIX-4-106023: Deny udp
    src outside:152.163.159.219/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:08 hydrogen May 03 2004 05:07:41: %PIX-4-106023: Deny udp
    src outside:152.163.159.222/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:08 hydrogen May 03 2004 05:07:41: %PIX-4-106023: Deny udp
    src outside:152.163.159.222/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:08 hydrogen May 03 2004 05:07:41: %PIX-4-106023: Deny udp
    src outside:152.163.159.219/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:08 hydrogen May 03 2004 05:07:41: %PIX-4-106023: Deny udp
    src outside:152.163.159.219/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:08 hydrogen May 03 2004 05:07:41: %PIX-4-106023: Deny udp
    src outside:152.163.159.221/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:08 hydrogen May 03 2004 05:07:41: %PIX-4-106023: Deny udp
    src outside:152.163.159.222/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:08 hydrogen May 03 2004 05:07:41: %PIX-4-106023: Deny udp
    src outside:152.163.159.219/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:08 hydrogen May 03 2004 05:07:41: %PIX-4-106023: Deny udp
    src outside:152.163.159.222/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
    May 3 09:20:08 hydrogen May 03 2004 05:07:42: %PIX-4-106023: Deny udp
    src outside:152.163.159.219/9052 dst dmz:63.174.244.1/1057 by
    access-group "acl_out"
     
    Matt, May 3, 2004
    #1

  2. Bill F

    Bill F Guest

    the game called StarTron uses port 1057
     
    Bill F, May 3, 2004
    #2

  3. :Does anyone have any idea what this traffic is? It all appears to be
    :coming from (dns?) servers on AOL. In huge quantities.. Strangely.. if
    :I block the offending port (1057) at the edge router.. then DNS entries
    :that need to go outside our network break... what is port 1057? I can't
    :find it listed in any DNS information... Any idea what to do about this?


    :May 3 09:20:05 hydrogen May 03 2004 05:07:38: %PIX-4-106023: Deny udp
    :src outside:205.188.157.243/9052 dst dmz:63.174.244.1/1057 by
    :access-group "acl_out"

    The question might be the other way around, as in "What is port 9052"?

    I notice that the source IPs vary quite a bit, but I also notice that
    the source port stays the same.

    Do your logs extend far enough back that you can find the first few
    occurrences, and see if there was perhaps something on your end that
    triggered it? Port 1057 is not special to DNS, but it might happen to
    be the port your DNS server happens to be sending out queries on.
    AOL might be trying to reply to a query you sent earlier.
     
    Walter Roberson, May 4, 2004
    #3
  4. Matt

    Matt Guest

    Ok apparently for some reason AOL's DNS was hammering our DNS. Which
    explains the 'dns outage'. Blocking the port was unrelated to the
    DNS server going 'out' and it only went out because of the overload of
    traffic to it. I'm still trying to figure out why AOL would do that.
     
    Matt, May 4, 2004
    #4
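
Added example, not part of any post in this thread: the pattern Walter Roberson points out (source addresses vary, source port stays at 9052, destination stays at port 1057) can be pulled out of `%PIX-4-106023` deny lines mechanically. The sample is a subset of the log lines posted above, re-joined onto single lines; the function names and the `min_sources` threshold are assumptions made for the example.

```python
import re
from collections import defaultdict

# Subset of the log lines posted in this thread, each re-joined onto one line.
SAMPLE = """\
May 3 09:20:05 hydrogen May 03 2004 05:07:39: %PIX-4-106023: Deny udp src outside:205.188.157.243/9052 dst dmz:63.174.244.1/1057 by access-group "acl_out"
May 3 09:20:05 hydrogen May 03 2004 05:07:39: %PIX-4-106023: Deny udp src outside:205.188.157.244/9052 dst dmz:63.174.244.1/1057 by access-group "acl_out"
May 3 09:20:05 hydrogen last message repeated 3 times
May 3 09:20:05 hydrogen May 03 2004 05:07:39: %PIX-4-106023: Deny icmp src outside:66.79.161.51 dst dmz:63.174.244.1 (type 3, code 3) by access-group "acl_out"
May 3 09:20:05 hydrogen May 03 2004 05:07:39: %PIX-4-106023: Deny tcp src outside:204.17.18.220/65454 dst dmz:63.174.244.8/25 by access-group "acl_out"
May 3 09:20:05 hydrogen May 03 2004 05:07:39: %PIX-4-106023: Deny udp src outside:64.12.51.145/9052 dst dmz:63.174.244.1/1057 by access-group "acl_out"
May 3 09:20:06 hydrogen May 03 2004 05:07:39: %PIX-4-106023: Deny udp src outside:152.163.159.220/9052 dst dmz:63.174.244.1/1057 by access-group "acl_out"
"""

DENY = re.compile(
    r'%PIX-4-106023: Deny (?P<proto>\w+) '
    r'src \w+:(?P<sip>[\d.]+)(?:/(?P<sport>\d+))? '   # ICMP lines carry no port
    r'dst \w+:(?P<dip>[\d.]+)(?:/(?P<dport>\d+))?')
REPEAT = re.compile(r'last message repeated (\d+) times')

def parse(text):
    """Return [fields, count] pairs; a syslog 'repeated N times' line is
    credited to the deny line directly before it, so floods are not undercounted."""
    events, prev = [], None
    for line in text.splitlines():
        m, r = DENY.search(line), REPEAT.search(line)
        if m:
            prev = [m.groupdict(), 1]
            events.append(prev)
        elif r and prev:
            prev[1] += int(r.group(1))
        else:
            prev = None  # unrelated line: a later "repeated" does not belong to a deny
    return events

def fan_in(events, min_sources=3):  # min_sources: arbitrary example threshold
    """Flows where several source IPs hit one destination port from one shared source port."""
    groups = defaultdict(lambda: {"hits": 0, "src_ips": set(), "src_ports": set()})
    for rec, count in events:
        g = groups[(rec["proto"], rec["dip"], rec["dport"])]
        g["hits"] += count
        g["src_ips"].add(rec["sip"])
        g["src_ports"].add(rec["sport"])
    return {k: g for k, g in groups.items()
            if len(g["src_ips"]) >= min_sources and len(g["src_ports"]) == 1}

if __name__ == "__main__":
    for (proto, dip, dport), g in fan_in(parse(SAMPLE)).items():
        print(f"{proto} -> {dip}/{dport}: {g['hits']} denies from "
              f"{len(g['src_ips'])} sources, all using source port {min(g['src_ports'])}")
```
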