Re: strange traffic on UDP port 53
To: Mike <email@example.com> Date: Fri, 06 Jun 2003 21:04:03 -0400
On Fri, 06 Jun 2003 08:39:52 BST, Mike <firstname.lastname@example.org> said:
> belonged to our ISP. On querying them about this odd behavior the
> explanation given (and other evidence seems to bear this out) was that
> our mail server was performing DNS lookups for the delivery of mail and
> on behalf of our internal network as it was configured as a forwarder
> because it was behind a firewall. The IP address in question was merely
> replying to DNS queries which had been forwarded to it by our ISPs'
The scenario there would have your site sending packets with an ephemeral
port number to the DNS server's port 53, and the return packets stopped
at the firewall would have a *source* port 53 and an ephemeral destination.
In the OP's case, the *destination* port was 53, which indicates that somebody
thinks that the mail server target is also providing DNS service.
- application/pgp-signature attachment: stored