portscan 32842:6100?
From: Jim Patterson (jim_patterson@attbi.com)
Date: 12/20/02
- Next message: SomeLoser: "Re: freeswan + routing - long message"
- Previous message: Shawn Willden: "Re: File on disk in linux (encrypted?)"
- Next in thread: Tim Haynes: "Re: portscan 32842:6100?"
- Reply: Tim Haynes: "Re: portscan 32842:6100?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Jim Patterson <jim_patterson@attbi.com> Date: Fri, 20 Dec 2002 15:23:56 GMT
I set up a system with ipchains and start logging everything and noticed
traffic between the firewall and ISP DNS. On the DNS side the port used
stays at 53 but on the firewall side the port changes from 32841 to
61000 (consecutively going up 16 ports per second). I would say that I
am getting a scan from the DNS server but the communication appears to
be originating from my firewall.
Is this legitimate traffic? (Is this supposed to be happening?)
Using RH7.3.
I also have a friend that set up a firewall using 7.3, who had problems
with the log file filling his hard drive. He noticed that 99% of the
traffic was almost a continuous commumication with his ISP's DNS
server. I don't think he ever saw or noted that the ports kept changing
though.
Any ideas on what is happening?
- Next message: SomeLoser: "Re: freeswan + routing - long message"
- Previous message: Shawn Willden: "Re: File on disk in linux (encrypted?)"
- Next in thread: Tim Haynes: "Re: portscan 32842:6100?"
- Reply: Tim Haynes: "Re: portscan 32842:6100?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
