Re: low numbers connects to DNS?

[Glenn Forbes Fleming Larratt <glratt () RICE EDU>]

It's been my experience that NT machines of some flavor or other (insert
obDerogM$Comment here) will use a source port of 137, rather than the
appropriate nonprivileged port range, for DNS queries; I think it has
something to do with DNS being used to resolve WINS queries.

        -g

On Sun, 23 Jul 2000, Kurt Weiske wrote:

> Date: Sun, 23 Jul 2000 08:59:11 -0700
> From: Kurt Weiske <kweiske () kataan org>
> To: INCIDENTS () securityfocus com
> Subject: [INCIDENTS] low numbers connects to DNS?
>
> My system is primary DNS server for my domain. My IPchains filters started
> logging several connects over ports < 1024 (but not 53) to my domain port
> (port 53) a few nights ago.
>
> Is this normal? I thought named would try and use a non-priveliged source
> port (over 1024) to connect to a server's destination domain port.
>
> --Kurt
>
> (BTW, thanks to the list for some wonderful insights over the past few
> months. I've been lurking around here, and feel like I've learned a lot from
> listening in on the conversations going on here...)
>
>
> ---
> Kurt Weiske
> email: kweiske () kataan org

                                Glenn Forbes Fleming Larratt
                                Rice University Network Management
                                glratt () rice edu