Date: Wed, 26 Sep 2001 20:17:37 +0000 From: Bill Moran <wmoran@iowna.com> To: Kent Stewart <kstewart@owt.com>, Michael MacKinnon <mackinnon.m@home.com> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: @home DNS server seems to be scanning my ports? Message-ID: <01092620173702.02034@> In-Reply-To: <3BB22965.9AAEA6AB@owt.com> References: <20010926131955.2B95537B418@hub.freebsd.org> <5.0.2.1.0.20010926121341.00a5de40@netmail.home.com> <3BB22965.9AAEA6AB@owt.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wednesday 26 September 2001 19:15, Kent Stewart wrote: > Michael MacKinnon wrote: > > I keep getting these messages on my freebsd system: > > > > "Connection attempt to UDP <my IP>:X from 24.69.255.196:53 > > > > where X is some port number. It's usually different. The latest ones > > were, in series, ports 1034, 1036, 1037. > > Yes, deny their ip address. You aren't supposed to be running a server > and they are testing for it. I have a friend in Oceanside that is > scanned the same way. Are you sure? That's really wild! 1034, 1036 and 1037 aren't even officially used for anything. On UPD? What kind of server would you run on UDP? Streaming media or something? > > Tech Support said that it was the DHCP server trying to renew, but would > > that be on port 53? I do agree that this is bull. 53 is DNS. My first guess would be that their DNS server is boogered up and trying to talk to long dropped connections. You wouldn't normally originate a connection attempt _from_ port 53. Normally, the system would originate a DNS query FROM a port > 1024 connecting TO port 53. Does it ever try to connect to a port below 1024? Like to 80 or 22 or 24 or any other well-known port? If so, then Kent might be right about the port- scanning. How weird ... -Bill To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?01092620173702.02034>