Security Incidents mailing list archives
Re: low numbers connects to DNS?
From: Glenn Forbes Fleming Larratt <glratt () RICE EDU>
Date: Mon, 24 Jul 2000 12:44:10 -0500
It's been my experience that NT machines of some flavor or other (insert obDerogM$Comment here) will use a source port of 137, rather than the appropriate nonprivileged port range, for DNS queries; I think it has something to do with DNS being used to resolve WINS queries. -g On Sun, 23 Jul 2000, Kurt Weiske wrote:
Date: Sun, 23 Jul 2000 08:59:11 -0700 From: Kurt Weiske <kweiske () kataan org> To: INCIDENTS () securityfocus com Subject: [INCIDENTS] low numbers connects to DNS? My system is primary DNS server for my domain. My IPchains filters started logging several connects over ports < 1024 (but not 53) to my domain port (port 53) a few nights ago. Is this normal? I thought named would try and use a non-priveliged source port (over 1024) to connect to a server's destination domain port. --Kurt (BTW, thanks to the list for some wonderful insights over the past few months. I've been lurking around here, and feel like I've learned a lot from listening in on the conversations going on here...) --- Kurt Weiske email: kweiske () kataan org
Glenn Forbes Fleming Larratt Rice University Network Management glratt () rice edu
Current thread:
- low numbers connects to DNS? Kurt Weiske (Jul 24)
- Re: low numbers connects to DNS? Glenn Forbes Fleming Larratt (Jul 24)