Firewall Wizards mailing list archives

Re: Interesting DNS Traffic


From: Vern Paxson <vern () ee lbl gov>
Date: Wed, 02 Jun 1999 01:00:42 PDT

Unless I am being ignorant, doesn't this NOT comply with the RFC that
have to deal with return port numbers on all IP packets?

That's a BSD convention, not an RFC requirement.  There are other systems
that don't follow the convention ...  Let's see ... from a look at yesterday's
traffic logs, about 0.67% of the connections (one in 150) had both source
and destination port < 1024 (and about 0.1% of those had both source and
destination port < 512 ... though all of those were attacks! (scans))

                Vern
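
An added example, not part of the original message: one way to take the measurement described above over your own connection logs, counting connections where both ports fall below 1024 and below 512, and grouping the lowest bucket by source. The five-field record format, the sample records and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records (not real traffic): "proto src sport dst dport"
SAMPLE_LOG = """\
tcp 192.0.2.10 40112 198.51.100.5 80
tcp 192.0.2.11 1023 198.51.100.6 514
udp 192.0.2.12 53 198.51.100.7 53
tcp 203.0.113.9 20 198.51.100.8 111
tcp 203.0.113.9 20 198.51.100.9 111
tcp 203.0.113.9 20 198.51.100.10 111
tcp 192.0.2.13 51515 198.51.100.5 25
garbled line
"""

def parse(line):
    """Return (src, sport, dst, dport), or None for a malformed record."""
    parts = line.split()
    if len(parts) != 5:
        return None
    _, src, sport, dst, dport = parts
    try:
        sport, dport = int(sport), int(dport)
    except ValueError:
        return None
    if not (0 <= sport <= 65535 and 0 <= dport <= 65535):
        return None
    return src, sport, dst, dport

def summarize(log_text):
    """Count connections whose source AND destination ports are both low."""
    total = below_1024 = below_512 = skipped = 0
    targets = defaultdict(set)  # source -> distinct destinations, both ports < 512
    for line in filter(str.strip, log_text.splitlines()):
        rec = parse(line)
        if rec is None:
            skipped += 1
            continue
        src, sport, dst, dport = rec
        total += 1
        if sport < 1024 and dport < 1024:
            below_1024 += 1
            if sport < 512 and dport < 512:
                below_512 += 1
                targets[src].add(dst)
    pct = 100.0 * below_1024 / total if total else 0.0
    fan_out = {src: len(dsts) for src, dsts in targets.items()}
    return {"total": total, "below_1024": below_1024, "below_512": below_512,
            "skipped": skipped, "pct_below_1024": pct, "fan_out": fan_out}
```

The per-source fan-out is only a triage hint: one source reaching many distinct destinations with both ports below 512 deserves a closer look than a single low-port pair.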


