Date: Wed, 26 Sep 2001 15:24:55 -0700 (PDT) From: Brian Whalen <bri@sonicboom.org> To: Kelsey Cummings <kgc@sonic.net> Cc: Mikko Tyolajarvi <mikko@dynas.se>, <mackinnon.m@home.com>, <questions@FreeBSD.ORG> Subject: Re: @home DNS server seems to be scanning my ports? Message-ID: <20010926152429.F65459-100000@cx175057-a.ocnsd1.sdca.home.com> In-Reply-To: <20010926151652.Y953@sonic.net>
next in thread | previous in thread | raw e-mail | index | archive | help
It makes me feel so good when I see this in my logs though.. Name: authorized-scan1.security.home.net Address: 24.0.0.203 Brian "Sonic" Whalen Success = Preparation + Opportunity On Wed, 26 Sep 2001, Kelsey Cummings wrote: > On Wed, Sep 26, 2001 at 02:12:52PM -0700, Mikko Tyolajarvi wrote: > > In local.freebsd.questions you write: > > > > >I keep getting these messages on my freebsd system: > > > > >"Connection attempt to UDP <my IP>:X from 24.69.255.196:53 > > > > >where X is some port number. It's usually different. The latest ones were, > > >in series, ports 1034, 1036, 1037. > > > > Looks like DNS replies to me - is 24.69.255.196 the DNS server of your > > ISP by any chance? If whatever sent the query has given up and closed > > its socket, you'd see errors like these (if you are using a NAT > > gateway I guess there is some funky timeout in the NAT association > > tables as well - a late reply would cause an error like this too). > > > > The reason for the ports appearing in sequence like this is that the > > clients sending the queries get assigned dynamic port numbers by the > > system, starting at 1024. > > > > Nothing to worry about. > > If only everyone saw it that way. I work for an ISP with about 35k > subscribers and you have no idea how many complaints we get about > our DNS server 'portscanning'.... > > Ugh! So many 'personal' firewalls are paranoid about this too. > > -- > Kelsey Cummings - kgc@sonic.net sonic.net > System Administrator 300 B Street, Ste 101 > 707.522.1000 (Voice) Santa Rosa, CA 95404 > 707.547.2199 (Fax) http://www.sonic.net/ > Fingerprint = 7F 59 43 1B 44 8A 0D 57 91 08 73 73 7A 48 90 C5 > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010926152429.F65459-100000>