[Full-Disclosure] Strange TCP/IP DNS traffic

From: Shachar Shemesh (fulldisc_at_sun.consumer.org.il)
Date: 06/03/04

  • Next message: Nils Ketelsen: "Re: [Full-Disclosure] Strange TCP/IP DNS traffic"
    To: full-disclosure@netsys.com
    Date: Thu, 03 Jun 2004 17:35:22 +0300

    Hi all,

    A few days ago I started seeing outbound TCP connection on port 53,
    aimed at the .com NS servers. These were blocked by the firewall. I
    realize that this does not violate any RFC, but it's still unusual.

    The outbound traffic is not generated by the local bind installation,
    which was asked to bind to port 53 for outbound traffic. Also,
    /etc/resolv.conf lists as the nameserver, so as far as I
    understand such traffic should not be initiated by user programs.

    Anyone has any idea what that may be?


    Shachar Shemesh
    Lingnu Open Source Consulting
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: Nils Ketelsen: "Re: [Full-Disclosure] Strange TCP/IP DNS traffic"

    Relevant Pages

    • Re: Will Exchange using nonstandard port cause problems with Sharepoint?
      ... about changing the std outbound port of Exchange. ... 'SmallBusiness SMTP Connector'. ... Next, click on the Advanced tab, then Outbound Security,, then Basic ...
    • RE: Unable to print on ports 9100/515
      ... Is the protocol definition for outbound on port 9100 and 515 actually trying ... > the detailed steps to publish a TCP/IP network printer through ISA, ... > 306071 How to Publish a TCP/IP Printer Behind ISA Server ...
    • Re: Outbound ports
      ... Destination Port 80 outbound ... I would never allow more than port ... >resource need) (or inbound for the DMZ). ... arguing that you meant "outbound from the WAN to the DMZ"? ...
    • Re: Microsoft update asking for security change - SP 2 firewall operation
      ... the firewall is still an inbound-only blocker. ... inbound traffic must be a response to something that previously went out. ... * For outbound TCP, inbound replies must come from the target IP address ... When the application binds to a socket, whatever port the ...
    • Re: [Newbie alert!] Is the Linksys BEFSX41 hardware Firewall/router a "real" firewall?
      ... there is very little that a real firewall appliance will ... ALL inbound and outbound traffic in real time - a simple KVM switch will ... outbound SMTP then it can spam all it wants. ... Private Ports in some versions - where you can list port ranges to block ...