abnormal udp traffic detected, source port is zero, DROP (port53)

ktv
edited April 2021 in Security
Hi,
I have a lot of alerts like this:

but I don't know how it is possible if I have got a rule to block the DNS server port (UDP 53) on my firewall (DNS_UDP is set to UDP53 port).
Any advice? 



All Replies

  • PeterUK
    So it's blocked. What are you trying to do? Stop it logging the block?
  • ktv
    Yep,
    I don't know why I'm alerted if my port is closed (and Log denied traffic is set to no) :)



  • PeterUK
    It's logging due to it being set in Security Policy > ADP > Profile tab.


  • Zyxel_Jeff (Zyxel Employee)

    Hi @ktv

    Those logs were generated by UDP abnormal traffic protection of ADP.

    So, even if you disable DNS UDP port 53 sessions in the security policy, similar log messages can still be seen.

    If you don’t want to see them, you may navigate to Configuration > Security Policy > ADP and set the "Traffic Anomaly" and "Protocol Anomaly" Log to “no”.

    Hope this can help you.


