Security Incidents mailing list archives
Re: Weird DNS scans
From: Richard Smith <eno_man () yahoo com>
Date: Fri, 5 Oct 2001 09:13:49 -0700 (PDT)
Can you post a sanitized dump of the scan? Are the source ports incrementing by one and scanning port 53? This is a common trait of BigIP it gathers RTT and other stats so that it can properly route you to the least loaded server via local load-balancing. The only concern I might have is the fact that IRC is reported as listening on port 6667. It could be a compromised host. BigIP uses a modified version of FreeBSD. I don't remember it using this port, but I could be wrong. R/ Richard Smith __________________________________________________ Do You Yahoo!? NEW from Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month. http://geocities.yahoo.com/ps/info1 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Weird DNS scans Seth Milder (Oct 05)
- Re: Weird DNS scans Ryan Russell (Oct 05)
- <Possible follow-ups>
- Re: Weird DNS scans Richard Smith (Oct 05)
- Re: Weird DNS scans John Hall (Oct 06)
- Re: Weird DNS scans Seth Milder (Oct 06)
- Re: Weird DNS scans John Hall (Oct 08)
- Re: Weird DNS scans Seth Milder (Oct 09)