abnormal udp traffic detected, source port is zero, DROP (port53)

Options
ktv
ktv Posts: 5 image  Freshman Member
First Comment
edited April 2021 in Security
HI,
I have a lot of alerts like this:

but I dont know how is it possible if I have got a rule to block DNS serwer port (UDP 53) on my firewall (DNS_UDP is  set to UDP53 port).
Any advice? 



All Replies

  • PeterUK
    PeterUK Posts: 4,258 image  Guru Member
    250 Answers 2500 Comments Friend Collector Eighth Anniversary
    So its blocked what are you trying to do? stop it logging the block?
  • ktv
    ktv Posts: 5 image  Freshman Member
    First Comment
    yep,
    I dont know why I'm alerted if my port is closed (and Log denied traffic is set to no) :)



  • PeterUK
    PeterUK Posts: 4,258 image  Guru Member
    250 Answers 2500 Comments Friend Collector Eighth Anniversary
    Its logging due to it being set in security policy > ADP > profile tab 


  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,350 image  Zyxel Employee
    100 Answers 500 Comments Friend Collector Fifth Anniversary

    Hi @ktv

     

    Those logs were generated by UDP abnormal traffic protection of ADP.

    So, even you disable DNS UDP port 53 session on security policy, those similar log messages still can be seen.

    If you don’t want to see them you may navigate Configuration > Security Policy > ADP and set "Traffic Anomaly", "Protocol Anomaly" Log to “no”.

    Hope this can help you.


    image.png

Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)