Home page logo

basics logo Security Basics mailing list archives

RE: UDP 1027
From: "David Gillett" <gillettdavid () fhda edu>
Date: Mon, 6 Jun 2005 08:57:02 -0700

  When your machine issues a DNS request, it directs it at port 53 of
the server.  What originating port does the client use?  (The server 
will send its response to the client's originating port, so there
needs to be a listener there for it....)

  There are two common approaches; some platforms take one and some the 

(a) Use port 53 for the source.  This is especially common on servers,
who may be listening on 53 anyway for DNS requests from others.  named
can figure out whether a given packet is a request or a reply.

(b) Allocate a random port starting above 1024.  My experience is that
this is more common on machines which are not, themselves, DNS servers.

  It appears that your machine is an example of (b).  Perfectly normal.

David Gillett

-----Original Message-----
From: Rod [mailto:securitybasics () gmail com]
Sent: Thursday, June 02, 2005 7:37 AM
To: security-basics () securityfocus com
Subject: UDP 1027


Running 'lsof -i' on my Linux server, I see that port 1027 UDP is
listed. It says that named is the process that it is bound to. I know
DNS is UDP 53 and TCP 53. Can someone please tell me what 1027 is used


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]