Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

firewall-wizards logo Firewall Wizards mailing list archives

Domain Name Requests
From: Rick Greep <RickGreep () cti-consulting com>
Date: Fri, 11 Feb 2005 10:11:33 -0600
Hello,

        Within the last month I have noticed a number of packets directed to port 53 
on my home connection. The limited information from my router only reports 
that inbound packets were directed to port 53 from > 1024 but not whether it 
was UDP or TCP. I am getting around 50 hits per day in bursts from 5 to 30 at 
a time from random sites.

        I am running named internally but inbound connections from the internet are 
blocked. The requests are coming from ISP's like level3.net but also from 
non-ISP's like doubleclick.net.

        Is anyone else seeing this? Could this be some type of worm attempting to 
spread to DNS servers? I remember doubleclick being attacked with some type 
of DNS denial of service a couple of months ago, could this be related?

        
Take care,
-- 
Rick Greep, Core Technologies, Inc.
RickGreep () cti-consulting com
Phone: 877 293-2702
Public Key: 807E9BD3
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

  By Date           By Thread  

Current thread:
  • Domain Name Requests Rick Greep (Feb 11)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]