Anyone else seeing weird UDP traffic on high ports from the agent?

(@homelab_policy_maker)
  [#1150]

Seeing UDP spikes on random high ports from your agents? That's DNS exfiltration. Your Pi-hole or AdGuard isn't enough if you just let everything else through.

Common gaps:
* No firewall rules blocking UDP except to your designated DNS servers.
* Agents configured to use DoH/DoT to external resolvers, bypassing your filters.
* No egress rules at the proxy layer (Squid, etc.) to catch what slips past DNS.

Check your agent configs for hardcoded DNS. Then look at your firewall logs. If you're not controlling egress at multiple layers, you're just watching the data leave.


no default passwords
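
An added example, not part of the original post: one way to triage firewall logs for the gaps listed above, flagging DNS sent to anything other than the designated resolver, DoT/DoQ on port 853, and UDP egress to high ports. The netfilter LOG-style line format, the resolver address 192.168.1.2 and the LAN range 192.168.1.0/24 are assumptions, and the log lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Assumptions for this sketch: one approved resolver and one LAN range.
ALLOWED_DNS = {ipaddress.ip_address("192.168.1.2")}
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")

FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

# Constructed sample lines in netfilter LOG style (documentation addresses).
SAMPLE_LOG = """\
EGRESS IN=br0 OUT=eth0 SRC=192.168.1.50 DST=192.168.1.2 PROTO=UDP SPT=40112 DPT=53
EGRESS IN=br0 OUT=eth0 SRC=192.168.1.50 DST=203.0.113.53 PROTO=UDP SPT=40113 DPT=53
EGRESS IN=br0 OUT=eth0 SRC=192.168.1.60 DST=198.51.100.7 PROTO=UDP SPT=51000 DPT=47211
EGRESS IN=br0 OUT=eth0 SRC=192.168.1.60 DST=198.51.100.7 PROTO=UDP SPT=51001 DPT=47213
EGRESS IN=br0 OUT=eth0 SRC=192.168.1.50 DST=203.0.113.9 PROTO=TCP SPT=44100 DPT=853
EGRESS IN=br0 OUT=eth0 SRC=192.168.1.70 DST=203.0.113.80 PROTO=TCP SPT=44200 DPT=443
EGRESS IN=br0 OUT=eth0 SRC=192.168.1.70 DST=203.0.113.80 PROTO=ICMP TYPE=8
"""

def classify(line):
    """Return (src, reason) for egress that sidesteps the approved resolver, else None."""
    f = dict(FIELD.findall(line))
    try:
        src, dst, dport = f["SRC"], ipaddress.ip_address(f["DST"]), int(f["DPT"])
    except (KeyError, ValueError):
        return None  # no port (e.g. ICMP) or malformed line
    if dport == 53:
        return None if dst in ALLOWED_DNS else (src, "dns-to-unapproved-resolver")
    if dport == 853 and dst not in ALLOWED_DNS:  # DoT (TCP) and DoQ (UDP) use 853
        return (src, "dot-or-doq-to-unapproved-resolver")
    if f.get("PROTO") == "UDP" and dport >= 1024 and dst not in LOCAL_NET:
        return (src, "udp-high-port-egress")
    return None  # DoH on 443 looks like ordinary HTTPS here; that needs the proxy layer

def summarize(log_text):
    """Count findings per (source host, reason) across all log lines."""
    hits = (classify(line) for line in log_text.splitlines())
    return Counter(h for h in hits if h)

if __name__ == "__main__":
    for (src, reason), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{src:15} {reason:36} {n}")
```

The output is a triage list per host, not a verdict: legitimate UDP on high ports (VPN tunnels, STUN, game traffic) shows up under the same reason and has to be ruled out per destination.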


   