Re: Port scan by DNS normal?
HotRdd wrote:
> A few months ago I noticed that I started to get a High priority warning
> about a port scan on my PC. This is a work PC that is connected to a
> wireless router and a DSL modem. After having a closer look and doing a
> BackTrace the IP address belongs to my ISP's DNS server. Is this normal?
> Severity = Major
> Direction = Inbound
> Protocol = UDP
Let me guess: The destination port of those packets is > 1024, the source
port is 53 ...
Well, yes it is absolutely normal for various completely braindead personal
firewalls to misinterpret DNS answer packets from the DNS server you use as
a UDP scan. Since you decided to install one of those famous network
communication destruction tools I'm afraid you'll have to live with such
effects.
Wolfgang
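
Added example, not part of the original post or of any firewall product: a Python sketch of why a stateless per-source port counter reports the resolver as a UDP scanner, next to a check that first matches each inbound datagram to a recent outbound query. The addresses, ports, threshold and 5-second window are constructed assumptions.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "ts direction proto src sport dst dport")
HOST, RESOLVER, OTHER = "192.168.1.10", "203.0.113.53", "198.51.100.7"  # constructed

# Constructed sample: four lookups and their answers, then three unsolicited datagrams.
SAMPLE = (
    [Packet(t, "out", "UDP", HOST, 50000 + t, RESOLVER, 53) for t in (1, 2, 3, 4)]
    + [Packet(t + 0.1, "in", "UDP", RESOLVER, 53, HOST, 50000 + t) for t in (1, 2, 3, 4)]
    + [Packet(10 + i, "in", "UDP", OTHER, 40000, HOST, 1025 + i) for i in range(3)]
)

def naive_suspects(packets, min_ports=3):
    """Stateless rule: any source touching min_ports distinct local UDP ports."""
    ports = {}
    for p in packets:
        if p.proto == "UDP" and p.direction == "in":
            ports.setdefault(p.src, set()).add(p.dport)
    return sorted(s for s, seen in ports.items() if len(seen) >= min_ports)

def classify_inbound(packets, window=5.0):
    """Label inbound UDP as 'dns-reply' only if it answers a recent outbound query."""
    pending, verdicts = {}, []  # pending: (local ip, local port, server ip) -> query time
    for p in sorted(packets, key=lambda p: p.ts):
        if p.proto != "UDP":
            continue
        if p.direction == "out" and p.dport == 53:
            pending[(p.src, p.sport, p.dst)] = p.ts
        elif p.direction == "in":
            asked = pending.get((p.dst, p.dport, p.src))
            ok = p.sport == 53 and asked is not None and 0 <= p.ts - asked <= window
            verdicts.append((p, "dns-reply" if ok else "unsolicited"))
    return verdicts

def stateful_suspects(packets, min_ports=3):
    """Same threshold as the naive rule, but counting unsolicited datagrams only."""
    ports = {}
    for p, verdict in classify_inbound(packets):
        if verdict == "unsolicited":
            ports.setdefault(p.src, set()).add(p.dport)
    return sorted(s for s, seen in ports.items() if len(seen) >= min_ports)

if __name__ == "__main__":
    print("naive rule flags:   ", naive_suspects(SAMPLE))
    print("stateful rule flags:", stateful_suspects(SAMPLE))
```

Each lookup leaves from a different ephemeral port, so the answers arrive on a different high port every time, which is all the naive counter sees.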