[Full-Disclosure] Strange TCP/IP DNS traffic
From: Shachar Shemesh (fulldisc_at_sun.consumer.org.il)
Date: 06/03/04
- Previous message: Paul Herman: "Format String Vulnerability in Tripwire"
- Next in thread: Nils Ketelsen: "Re: [Full-Disclosure] Strange TCP/IP DNS traffic"
- Reply: Nils Ketelsen: "Re: [Full-Disclosure] Strange TCP/IP DNS traffic"
- Reply: Nicolas Rachinsky: "Re: [Full-Disclosure] Strange TCP/IP DNS traffic"
- Reply: Matthew Ploessel: "RE: [Full-Disclosure] Strange TCP/IP DNS traffic"
- Reply: Skip Duckwall: "Re: [Full-Disclosure] Strange TCP/IP DNS traffic"
To: full-disclosure@netsys.com
Date: Thu, 03 Jun 2004 17:35:22 +0300
Hi all,
A few days ago I started seeing outbound TCP connections on port 53,
aimed at the .com NS servers. These were blocked by the firewall. I
realize that this does not violate any RFC, but it's still unusual.
The outbound traffic is not generated by the local bind installation,
which was asked to bind to port 53 for outbound traffic. Also,
/etc/resolv.conf lists 127.0.0.1 as the nameserver, so as far as I
understand such traffic should not be initiated by user programs.
Does anyone have any idea what that may be?
Shachar
--
Shachar Shemesh
Lingnu Open Source Consulting
http://www.lingnu.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
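One way to narrow down which local socket is behind outbound TCP port 53 attempts like those described in the message above. This is an added example, not part of the original post. It assumes a little-endian Linux host that exposes /proc/net/tcp; the function names are hypothetical and the sample table is constructed.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp format (not taken from the poster's host):
# row 0 is a resolver listening on 127.0.0.1:53, row 1 is an outbound TCP attempt
# to port 53 on a documentation address, row 2 is an unrelated SSH session.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0035 00000000:0000 0A 00000000:00000000 00:00000000 00000000    25        0 1201 1 0000000000000000 100 0 0 10 0
   1: 0A00000A:8C3E 350200C0:0035 02 00000001:00000000 01:00000064 00000001    25        0 1588 2 0000000000000000 100 0 0 10 0
   2: 0A00000A:9D11 0B00000A:0016 01 00000000:00000000 00:00000000 00000000  1000        0 1634 1 0000000000000000 100 0 0 10 0
"""

TCP_STATES = {"01": "ESTABLISHED", "02": "SYN_SENT", "0A": "LISTEN"}


def decode(addr):
    """Turn 'HEXIP:HEXPORT' into (dotted_quad, port); IPv4 is stored little-endian."""
    ip_hex, port_hex = addr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def outbound_dns_tcp(table):
    """Return every TCP socket in the table whose remote port is 53."""
    hits = []
    for line in table.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 10:
            continue
        (lip, lport), (rip, rport) = decode(f[1]), decode(f[2])
        if rport != 53:                          # listeners have remote port 0
            continue
        hits.append({
            "local": f"{lip}:{lport}",
            "remote": f"{rip}:{rport}",
            "state": TCP_STATES.get(f[3], f[3]),  # a firewalled attempt sits in SYN_SENT
            "uid": int(f[7]),                     # owning user ID
            "inode": int(f[9]),                   # matches socket:[inode] in /proc/<pid>/fd
        })
    return hits


if __name__ == "__main__":
    # On a live host, pass open("/proc/net/tcp").read() instead of SAMPLE.
    for hit in outbound_dns_tcp(SAMPLE):
        print(hit)
```

The uid shows which account owns the socket, and the inode can be matched against the socket:[inode] links under /proc/<pid>/fd to find the process.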