Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

RE: strange traffic on UDP port 53

From: "Greg A. Woods" <woods () weird com>
Date: Mon, 9 Jun 2003 12:57:11 -0400 (EDT)
[ On Friday, June 6, 2003 at 10:35:34 (-0700), David Gillett wrote: ]

Subject: RE: strange traffic on UDP port 53

  Replies to DNS queries should be coming FROM port 53,


True, though unfortunately it's not always the case.


not
(necessarily) addressed TO port 53.


If DNS queries are not addressed to port#53 then they're not going to
reach any valid nameserver.

(There's no standard in the DNS for specifying any alternate port for a
nameserver so it's pretty much impossible to see normal standard DNS
queries from random remote DNS clients on anything but port#53.  It may
be possible to specify an alternate port in some stub resolvers, but
then the person responsible for the nameserver they are directed at will
know in advance what port to expect to see queries come in on.)

-- 
                                                                Greg A. Woods

+1 416 218-0098;            <g.a.woods () ieee org>;           <woods () robohack ca>
Planix, Inc. <woods () planix com>; VE3TCP; Secrets of the Weird <woods () weird com>

----------------------------------------------------------------------------
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: