Re: strange traffic on UDP port 53
From: Rodney Green (rgreen_at_trayerproducts.com)
Date: 06/05/03
- Previous message: John Costa: "RE: Dameware Malcode? Is anyone aware of it?"
- In reply to: Ronald Belchez: "strange traffic on UDP port 53"
- Next in thread: Mike: "RE: strange traffic on UDP port 53"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "Ronald Belchez" <meukone@yahoo.co.uk>, <incidents@securityfocus.com> Date: Thu, 5 Jun 2003 16:19:06 -0400
What is the access list that you applied?
----------------------------------
Hi All,
We don't have a firewall and is just relying on Access-list on our border
router. After i applied the new access-list I am continously receiving
the logs showed below. The destination IP is our mail server (not running
any DNS service) while the source IP (unsolicited and using source port
with some sort of incremental patterm, the denied packets logs is also
continuous now for about 4 days) I am not aware of any trojan or worm
using the below. I already tried searching google but cannot find the
explanation or something that might help me understand the below....
Please advise.
--logs starts here---
denied udp XX7.Y3.71.242(54067) -> XX3.Y1.246.66(53), 1 packet
denied udp XX7.Y3.71.242(54070) -> XX3.Y1.246.66(53), 1 packet
denied udp XX7.Y3.71.242(53967) -> XX3.Y1.246.66(53), 2 packets
denied udp XX7.Y3.71.242(53972) -> XX3.Y1.246.66(53), 2 packets
denied udp XX7.Y3.71.242(53979) -> XX3.Y1.246.66(53), 2 packets
denied udp XX7.Y3.71.242(53989) -> XX3.Y1.246.66(53), 2 packets
denied udp XX7.Y3.71.242(54003) -> XX3.Y1.246.66(53), 2 packets
denied udp XX7.Y3.71.242(53982) -> XX3.Y1.246.66(53), 34 packets
denied udp XX7.Y3.71.242(54009) -> XX3.Y1.246.66(53), 2 packets
denied udp XX7.Y3.71.242(54027) -> XX3.Y1.246.66(53), 2 packets
denied udp XX7.Y3.71.242(54035) -> XX3.Y1.246.66(53), 2 packets
denied udp XX7.Y3.71.242(54042) -> XX3.Y1.246.66(53), 2 packets
----------------------------------------------------------------------------
----------------------------------------------------------------------------
----------------------------------------------------------------------------
----------------------------------------------------------------------------
- Previous message: John Costa: "RE: Dameware Malcode? Is anyone aware of it?"
- In reply to: Ronald Belchez: "strange traffic on UDP port 53"
- Next in thread: Mike: "RE: strange traffic on UDP port 53"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
