RE: Source port 69

From: abuse (
Date: 09/27/01

From: "abuse" <>
To: <>, <>
Subject: RE: Source port 69
Date: Thu, 27 Sep 2001 13:39:07 -0400
Message-ID: <>

> It looks like somebody may be scanning DNS servers to
> see if they
> allow TFTP and compiling a list of those that allow it.
> Has anybody seen this before?

Last night I saw a whole bunch of DNS scans coming from Unix boxes that were
running tons of services (probably compromised).