Security Incidents mailing list archives
Re: UDP Scan port 53(dns) -> dst port <1024
From: Robert Graham <me () robertgraham com>
Date: Fri, 22 Feb 2002 17:04:14 -0500 (EST)
external(possibly spoofed)host:53 -UDP-> localsystem:987 external(possibly spoofed)host:53 -UDP-> localsystem:988 external(possibly spoofed)host:53 -UDP-> localsystem:989
These are probably replies to queries from your own machines who are behind a NAT: http://www.robertgraham.com/pubs/firewall-seen.html#1.9 This is a PTR response to resolve the IP address of 192.168.200.82. Since this is a private address, it points to one machine behind your NAT resolving the IP address of another machine behind your NAT. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- UDP Scan port 53(dns) -> dst port <1024 Clinton Smith (Feb 22)
- <Possible follow-ups>
- Re: UDP Scan port 53(dns) -> dst port <1024 Robert Graham (Feb 24)
- Re: UDP Scan port 53(dns) -> dst port <1024 Clinton Smith (Feb 25)