abnormal udp traffic detected, source port is zero, DROP (port53)

ktv
edited April 2021 in Security
Hi,
I have a lot of alerts like this:

but I don't know how it is possible if I have got a rule to block the DNS server port (UDP 53) on my firewall (DNS_UDP is set to the UDP 53 port).
Any advice? 



All Replies

  • PeterUK
    So it's blocked. What are you trying to do? Stop it logging the block?
  • ktv
    Yep,
    I don't know why I'm alerted if my port is closed (and Log denied traffic is set to no) :)



  • PeterUK
    It's logging due to it being set in Security Policy > ADP > Profile tab.


  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,039  Zyxel Employee

    Hi @ktv

     

    Those logs were generated by UDP abnormal traffic protection of ADP.

    So, even if you disable DNS UDP port 53 sessions in the security policy, similar log messages can still be seen.

    If you don't want to see them, you may navigate to Configuration > Security Policy > ADP and set the "Traffic Anomaly" and "Protocol Anomaly" Log to "no".

    Hope this can help you.
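
An added illustration (not part of the thread and not Zyxel's code) of why the alert still appears when the port 53 rule has logging off: the anomaly check and the policy rule are modelled as two checks with separate log switches, run over constructed IPv4/UDP datagrams. The function names, the `policy deny` message, the addresses and the two-stage model itself are assumptions.

```python
import struct

ADP_MSG = "abnormal udp traffic detected, source port is zero, DROP"  # text from the thread title

def build_datagram(src_port, dst_port, payload=b"\x00" * 12):
    """Constructed sample input: a minimal IPv4 + UDP datagram (checksums left at 0)."""
    udp = struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([198, 51, 100, 7]), bytes([192, 0, 2, 1]))  # documentation addresses
    return ip + udp

def parse_udp(datagram):
    """Return (src_port, dst_port), or None if this is not a complete IPv4/UDP datagram."""
    if len(datagram) < 20 or datagram[0] >> 4 != 4:
        return None
    ihl = (datagram[0] & 0x0F) * 4          # IPv4 header length in bytes
    if ihl < 20 or datagram[9] != 17 or len(datagram) < ihl + 8:
        return None                          # bad header, not UDP, or truncated
    src_port, dst_port, _length, _csum = struct.unpack("!HHHH", datagram[ihl:ihl + 8])
    return src_port, dst_port

def inspect(datagram, adp_log=True, policy_log=False, blocked_udp_ports=(53,)):
    """Apply both checks; each one logs only according to its own switch (assumed model)."""
    logs = []
    ports = parse_udp(datagram)
    if ports is None:
        return "IGNORED", logs
    src_port, dst_port = ports
    verdict = "ACCEPT"
    # Anomaly check: looks only at the UDP source port, not at any policy rule.
    if src_port == 0:
        verdict = "DROP"
        if adp_log:
            logs.append(ADP_MSG)
    # Policy rule: matches the destination port; "log denied traffic" is per rule.
    if dst_port in blocked_udp_ports:
        verdict = "DROP"
        if policy_log:
            logs.append(f"policy deny udp/{dst_port}")  # hypothetical message text
    return verdict, logs

if __name__ == "__main__":
    for sport, dport in [(0, 53), (40000, 53), (40000, 123)]:
        print(sport, dport, inspect(build_datagram(sport, dport)))
```

With the policy log off and the anomaly log on, only the source-port-zero datagram produces a log line; turning `adp_log` off silences it while the datagram is still dropped.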

