|
Security Incidents
mailing list archives
Re: Weird DNS scans
From: Richard Smith <eno_man () yahoo com>
Date: Fri, 5 Oct 2001 09:13:49 -0700 (PDT)
Can you post a sanitized dump of the scan? Are the
source ports incrementing by one and scanning port 53?
This is a common trait of BigIP it gathers RTT and
other stats so that it can properly route you to the
least loaded server via local load-balancing.
The only concern I might have is the fact that IRC is
reported as listening on port 6667. It could be a
compromised host. BigIP uses a modified version of
FreeBSD. I don't remember it using this port, but I
could be wrong.
R/
Richard Smith
__________________________________________________
Do You Yahoo!?
NEW from Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month.
http://geocities.yahoo.com/ps/info1
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
 By Date 
By Thread
Current thread:
- Weird DNS scans Seth Milder (Oct 05)
- <Possible follow-ups>
- Re: Weird DNS scans Richard Smith (Oct 05)
|
Intro
