Re: UDP Scan port 53(dns) -> dst port <1024
From: Robert Graham (me@robertgraham.com)Date: 02/22/02
- Previous message: David Carmean: "Virus/trojan tunnel out from behind firewall?"
- Maybe in reply to: Clinton Smith: "UDP Scan port 53(dns) -> dst port <1024"
- Next in thread: Clinton Smith: "Re: UDP Scan port 53(dns) -> dst port <1024"
- Reply: Clinton Smith: "Re: UDP Scan port 53(dns) -> dst port <1024"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 22 Feb 2002 17:04:14 -0500 (EST) From: Robert Graham <me@robertgraham.com> To: incidents@securityfocus.com
>external(possibly spoofed)host:53 -UDP-> localsystem:987
>external(possibly spoofed)host:53 -UDP-> localsystem:988
>external(possibly spoofed)host:53 -UDP-> localsystem:989
These are probably replies to queries from your own machines
who are behind a NAT:
http://www.robertgraham.com/pubs/firewall-seen.html#1.9
This is a PTR response to resolve the IP address of
192.168.200.82. Since this is a private address, it points
to one machine behind your NAT resolving the IP address
of another machine behind your NAT.
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Previous message: David Carmean: "Virus/trojan tunnel out from behind firewall?"
- Maybe in reply to: Clinton Smith: "UDP Scan port 53(dns) -> dst port <1024"
- Next in thread: Clinton Smith: "Re: UDP Scan port 53(dns) -> dst port <1024"
- Reply: Clinton Smith: "Re: UDP Scan port 53(dns) -> dst port <1024"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
