Firewall Wizards mailing list archives
Re: Interesting DNS Traffic -Reply
From: Einar EINARSSON <einar.einarsson () iea org>
Date: Wed, 02 Jun 1999 15:43:54 +0100
Robert Graham <robert_david_graham () yahoo com>
5/31/99 11:38 pm >>>
The DNS traffic from low ports is somewhat normal, from my own experience. I see LOTs of DNS traffic coming from ports lower than 1024 from machines browsing our website. Here are some example ports:
I thought DNS lookup 'was supposed' to use a random source port above 1023. So why are some implementations using a source port below 1023 and some above 1023 ? I guess there is nothing stoping the programmer, but wouldn't it be simpler, at least for those writing packet filters, if this stuff was implemented a certain way and not the other ? Einar
Current thread:
- Re: Interesting DNS Traffic The Unicorn (Jun 01)
- <Possible follow-ups>
- Re: Interesting DNS Traffic Robert Graham (Jun 01)
- Re: Interesting DNS Traffic Joseph S D Yao (Jun 02)
- Re: Interesting DNS Traffic Andrew Fessler (Jun 01)
- Re: Interesting DNS Traffic Ryan Russell (Jun 02)
- Re: Interesting DNS Traffic David Gillett (Jun 03)
- Re: Interesting DNS Traffic Vern Paxson (Jun 02)
- Re: Interesting DNS Traffic -Reply Einar EINARSSON (Jun 02)
- Re: Interesting DNS Traffic -Reply Ge' Weijers (Jun 03)
- Re: Interesting DNS Traffic -Reply -Reply Einar EINARSSON (Jun 03)
- Re: Interesting DNS Traffic -Reply -Reply Ge' Weijers (Jun 04)
- Re: Interesting DNS Traffic -Reply John McDermott (Jun 03)
- Re: Interesting DNS Traffic -Reply Chris Calabrese (Jun 03)