Security Incidents mailing list archives
Re: strange traffic on UDP port 53
From: "Anders Reed Mohn" <anders_rm () utepils com>
Date: Thu, 12 Jun 2003 10:39:50 +0200
1. Using the same src_IP:port# to dst_IP:port# (as earlier provided) it is using DNS query to PTR 48.1.1.192.in-addr.arpa
2. Then our mail server replying to the same Source IP, using ICMP (0x01) destination unreachable.

Smells of a faulty DNS-setup, and of faulty routing.

Some machine out there thinks you have the DNS for 1.1.192.in-addr.arpa, and is trying to resolve 48.1.1.192.in-addr.arpa through you. At least, that's a scenario I have seen a few times. This could be just a typo in an SOA or in the DNS-address specified on a specific computer.

In addition, someone didn't get their routing right, 'cuz traffic to and from 242.x.x.x should not be routed to the Internet, AFAIK.

Cheers,
Anders :)
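
Added example, not part of the message above or of the list archive: a small triage helper that parses the question section of an inbound UDP/53 query and flags the two conditions the reply describes, a lookup for a zone the receiving host does not serve and a source address in reserved space. The function names, the `served_zones` list and the source address `242.0.0.1` are assumptions constructed for illustration; only the PTR name comes from the thread.

```python
import ipaddress
import struct

def build_query(qname, qtype=12, txid=0x1234):  # qtype 12 = PTR
    # Builds a minimal DNS query; used only to construct sample input.
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    name = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.split("."))
    return header + name + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_question(packet):
    """Return (qname, qtype) for the first question of a DNS message."""
    if len(packet) < 12 or struct.unpack("!H", packet[4:6])[0] < 1:
        raise ValueError("not a DNS message with a question section")
    pos, labels = 12, []
    while True:
        if pos >= len(packet):
            raise ValueError("truncated name")
        n = packet[pos]
        pos += 1
        if n == 0:
            break
        if n > 63 or pos + n > len(packet):
            raise ValueError("bad or truncated label")
        labels.append(packet[pos:pos + n].decode("ascii", "replace").lower())
        pos += n
    if pos + 4 > len(packet):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", packet[pos:pos + 4])
    return ".".join(labels), qtype

def ptr_to_ip(qname):
    """Recover the IPv4 address a reverse-lookup name refers to, or None."""
    parts = qname.split(".")
    if len(parts) != 6 or parts[4:] != ["in-addr", "arpa"]:
        return None
    return str(ipaddress.IPv4Address(".".join(reversed(parts[:4]))))

def classify(packet, src_ip, served_zones):
    """Return findings for one inbound query; served_zones are zones hosted here."""
    qname, _qtype = parse_question(packet)
    findings = []
    if not any(qname == z or qname.endswith("." + z) for z in served_zones):
        findings.append("query for a zone not served here: " + qname)
    if ipaddress.ip_address(src_ip).is_reserved:  # IPv4: 240.0.0.0/4
        findings.append("source in reserved space: " + src_ip)
    return findings

if __name__ == "__main__":
    pkt = build_query("48.1.1.192.in-addr.arpa")  # PTR name from the thread
    print(ptr_to_ip(parse_question(pkt)[0]), classify(pkt, "242.0.0.1", ["example.com"]))
```
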