Security Incidents mailing list archives

Re: Weird DNS scans

From: Richard Smith <eno_man () yahoo com>
Date: Fri, 5 Oct 2001 09:13:49 -0700 (PDT)

Can you post a sanitized dump of the scan? Are the
source ports incrementing by one and scanning port 53?
This is a common trait of BigIP it gathers RTT and
other stats so that it can properly route you to the
least loaded server via local load-balancing. 

The only concern I might have is the fact that IRC is
reported as listening on port 6667. It could be a
compromised host. BigIP uses a modified version of
FreeBSD. I don't remember it using this port, but I
could be wrong.

R/

Richard Smith

__________________________________________________
Do You Yahoo!?
NEW from Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month.
http://geocities.yahoo.com/ps/info1

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

Weird DNS scans Seth Milder (Oct 05)
- Re: Weird DNS scans Ryan Russell (Oct 05)
- <Possible follow-ups>
- Re: Weird DNS scans Richard Smith (Oct 05)
  - Re: Weird DNS scans John Hall (Oct 06)
  - Re: Weird DNS scans Seth Milder (Oct 06)
    - Re: Weird DNS scans John Hall (Oct 08)
    - Re: Weird DNS scans Seth Milder (Oct 09)