Firewall Wizards mailing list archives

Interesting DNS Traffic
From: "Andrew Fessler" <andrew () allegro net>
Date: Fri, 28 May 1999 21:49:29 -0500

I have seen some unusual things on my Cisco.

I have some access-lists set up.

I permit SMTP, WWW, POP, IMAP, ECHO, ICMP and a few other ports as
well as 1024-65535 for inbound.

That theoretically should cover any inbound traffic.

However, I see DNS requests and WWW requests come in where the source
port on the packet originates in the 800 range rather than the
standard 1024-65535 range. Therefore the reply back is denied.

Example.

xxx.xxx.xxx.xxx (879) -->   204.253.83.10 (53)

meaning a packet came in from the internet going to my DNS, however
the source port of the packet was 879. 

I can't find any reason why they are having abnormal source ports.
Should I worry about this? Should I open the 800 range ports? Seems
like opening my network more than I want to.

TIA

Andrew Fessler
Allegro


