[fw-wiz] Domain Name Requests
From: Rick Greep (RickGreep_at_cti-consulting.com)
Date: 02/11/05
- Previous message: Richards, Jim: "RE: [fw-wiz] risk level associated with VPNs?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Firewall Wizards <firewall-wizards@honor.icsalabs.com> Date: Fri, 11 Feb 2005 10:11:33 -0600
Hello,
Within the last month I have noticed a number of packets directed to port 53
on my home connection. The limited information from my router only reports
that inbound packets were directed to port 53 from > 1024 but not whether it
was UDP or TCP. I am getting around 50 hits per day in bursts from 5 to 30 at
a time from random sites.
I am running named internally but inbound connections from the internet are
blocked. The requests are coming from ISP's like level3.net but also from
non-ISP's like doubleclick.net.
Is anyone else seeing this? Could this be some type of worm attempting to
spread to DNS servers? I remember doubleclick being attacked with some type
of DNS denial of service a couple of months ago, could this be related?
Take care,
-- Rick Greep, Core Technologies, Inc. RickGreep@cti-consulting.com Phone: 877 293-2702 Public Key: 807E9BD3 _______________________________________________ firewall-wizards mailing list firewall-wizards@honor.icsalabs.com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Richards, Jim: "RE: [fw-wiz] risk level associated with VPNs?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
