Firewall Wizards mailing list archives

Re: Interesting DNS Traffic -Reply

From: Einar EINARSSON <einar.einarsson () iea org>
Date: Wed, 02 Jun 1999 15:43:54 +0100

Robert Graham <robert_david_graham () yahoo com>

5/31/99  11:38 pm >>>

The DNS traffic from low ports is somewhat normal, from
my own experience. I see LOTs of DNS traffic coming from
ports lower than 1024 from machines browsing our website.
Here are some example ports:


I thought DNS lookup 'was supposed' to use a random
source port above 1023. So why are some implementations
using a source port below 1023 and some above 1023 ? 
I guess there is nothing stoping the programmer, but
wouldn't it be simpler, at least for those writing packet filters,
if this stuff was implemented a certain way and not the other
? 

Einar

Current thread:

Re: Interesting DNS Traffic The Unicorn (Jun 01)
- <Possible follow-ups>
- Re: Interesting DNS Traffic Robert Graham (Jun 01)
  - Re: Interesting DNS Traffic Joseph S D Yao (Jun 02)
- Re: Interesting DNS Traffic Andrew Fessler (Jun 01)
- Re: Interesting DNS Traffic Ryan Russell (Jun 02)
  - Re: Interesting DNS Traffic David Gillett (Jun 03)
- Re: Interesting DNS Traffic Vern Paxson (Jun 02)
- Re: Interesting DNS Traffic -Reply Einar EINARSSON (Jun 02)
  - Re: Interesting DNS Traffic -Reply Ge' Weijers (Jun 03)
- Re: Interesting DNS Traffic -Reply -Reply Einar EINARSSON (Jun 03)
  - Re: Interesting DNS Traffic -Reply -Reply Ge' Weijers (Jun 04)
- Re: Interesting DNS Traffic -Reply John McDermott (Jun 03)
- Re: Interesting DNS Traffic -Reply Chris Calabrese (Jun 03)