Security Basics mailing list archives
RE: TCP DNS requests
From: Raghu Chinthoju <chraghu () hyd wilco-int com>
Date: Thu, 31 Oct 2002 01:12:59 +0530
TCP/DNS(53) is used for zone transfer. To be simple, TCP/DNS(53) is used between the name servers to exchange/update their name databases, whereas UDP/DNS(53) is used for querying. I see two possibilities for having generated TCP based DNS requests in your network.

1. You must have another DNS server in that network trying to do zone transfer with your server
2. Someone is explicitly requesting your name server for zone information. This could be done in many ways. For example, the "ls" command of nslookup does it.

Cheers,
Raghu.
Wilco International Systems
Hyderabad.

-----Original Message-----
From: Carl R Diliberto [mailto:cdiliberto () hotmail com]
Sent: Wednesday, October 30, 2002 7:16 PM
To: security-basics
Subject: TCP DNS requests

We are reporting TCP based DNS requests to one of our DNS servers coming from internal, client IP addresses. My manager would like to block the TCP packets. What or why would there be random TCP packets? We monitored several clients and it appears it only needs UDP.

Thanks
Carl

This message is confidential and may also be legally privileged. If you are not the intended recipient, please notify postmaster () wilco-int com immediately. You should not copy it or use it for any purpose, nor disclose its contents to any other person. The views and opinions expressed in this e-mail message are the author's own and may not reflect the views and opinions of Wilco.
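One way to check which kind of request the clients are sending, as an added example that is not part of the original thread: parse the reassembled TCP/53 payload (each DNS message is preceded by a 2-byte length) and label every query by its QTYPE, with AXFR (252) and IXFR (251) marking zone-transfer requests. The function names and the sample stream are constructed for illustration, and TCP reassembly of the capture is assumed to have been done already.

```python
import struct

# QTYPE values that request a zone transfer (AXFR: RFC 1035, IXFR: RFC 1995)
TRANSFER_QTYPES = {252: "AXFR", 251: "IXFR"}

def build_tcp_query(name, qtype, txid=0x1234):
    """Build a constructed DNS-over-TCP query: 2-byte length + DNS message."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    msg = header + qname + struct.pack("!HH", qtype, 1)         # QCLASS IN
    return struct.pack("!H", len(msg)) + msg

def parse_tcp_queries(stream):
    """Yield (qname, qtype) for each length-prefixed query in a TCP byte stream."""
    pos = 0
    while pos + 2 <= len(stream):
        (length,) = struct.unpack_from("!H", stream, pos)
        msg = stream[pos + 2 : pos + 2 + length]
        pos += 2 + length
        if len(msg) < length:
            break                      # capture ends mid-message
        if length < 12:
            continue                   # shorter than a DNS header
        flags, qdcount = struct.unpack_from("!HH", msg, 2)
        if flags & 0x8000 or qdcount < 1:
            continue                   # a response, or no question section
        labels, i = [], 12
        try:
            while msg[i] != 0:
                n = msg[i]
                if n & 0xC0:           # compression pointer: not expected here
                    raise ValueError("pointer in query name")
                labels.append(msg[i + 1 : i + 1 + n].decode("ascii", "replace"))
                i += 1 + n
            (qtype,) = struct.unpack_from("!H", msg, i + 1)
        except (IndexError, ValueError, struct.error):
            continue                   # malformed question, skip this message
        yield ".".join(labels) + ".", qtype

def classify(stream):
    """Return [(qname, 'AXFR' | 'IXFR' | 'query'), ...] for a TCP/53 stream."""
    return [(name, TRANSFER_QTYPES.get(qtype, "query"))
            for name, qtype in parse_tcp_queries(stream)]

# Constructed sample: an A query followed by an AXFR request on one connection.
SAMPLE_STREAM = build_tcp_query("www.example.com", 1) + build_tcp_query("example.com", 252)

if __name__ == "__main__":
    for name, kind in classify(SAMPLE_STREAM):
        print(f"{kind:5} {name}")
```

Run per client connection, the output shows whether a given internal address is asking for zone data or sending some other query type over TCP.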