Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: port scan from 53

From: "Maarten Van Horenbeeck" <maarten () daemon be>
Date: Wed, 16 May 2001 19:57:08 +0200
JK,


Does anyone have any idea what would cause a scan to originate from port

53

on an IRIX based server and destined for users on incrementing ports
starting in the 1000 range and continuing, in cases, to 4000 range.


the attacker might be expecting that your ACL / packetfilter accepts/passes
all packets originating from 53 UDP (DNS-lookups).  This is often the case
on insecure packet-filter installations.


2000/09/14,09:21:48 -5:00 GMT,
Server.IP.Address:53,Client.IP.Address:1038,UDP


With kind regards,

Maarten Van Horenbeeck
OS2 & Unix System Administrator
http://www.daemon.be
maarten () daemon be
Previous By Date Next
Previous By Thread Next

Current thread: