Re: strange traffic on UDP port 53

Valdis.Kletnieks_at_vt.edu
Date: 06/07/03

  • Next message: James C. Slora Jr.: "Re: Help with an odd log file..."
    To: Mike <mike@coenholdings.ie>
    Date: Fri, 06 Jun 2003 21:04:03 -0400
    
    
    

    On Fri, 06 Jun 2003 08:39:52 BST, Mike <mike@coenholdings.ie> said:

    > belonged to our ISP. On querying them about this odd behavior the
    > explanation given (and other evidence seems to bear this out) was that
    > our mail server was performing DNS lookups for the delivery of mail and
    > on behalf of our internal network as it was configured as a forwarder
    > because it was behind a firewall. The IP address in question was merely
    > replying to DNS queries which had been forwarded to it by our ISPs'

    The scenario there would have your site sending packets with an ephemeral
    port number to the DNS server's port 53, and the return packets stopped
    at the firewall would have a *source* port 53 and an ephemeral destination.

    In the OP's case, the *destination* port was 53, which indicates that somebody
    thinks that the mail server target is also providing DNS service.

    
    



  • Next message: James C. Slora Jr.: "Re: Help with an odd log file..."