Date: Thu, 2 Aug 2001 15:58:38 -0500
From: "Schlosser, Matt D." <mschlosser@eschelon.com>
To: 'Vlad' <tmd@tmd.df.ru>, "'freebsd-security@freebsd.org'" <freebsd-security@freebsd.org>
Subject: RE: weird packets.. anyone?
Message-ID: <2FA3BA0C7551724CA6DDF4E345360505049F1E@walleye.corp.fishnet.com>

Looks like DNS is being blocked. DNS uses 53 for both UDP and TCP packets.

-----Original Message-----
From: owner-freebsd-security@FreeBSD.ORG [mailto:owner-freebsd-security@FreeBSD.ORG] On Behalf Of Vlad
Sent: Thursday, August 02, 2001 3:41 PM
To: freebsd-security@freebsd.org
Subject: weird packets.. anyone?

I've got this today in my logs:

Aug 2 12:51:32 tmd ipmon[35772]: 12:51:31.270526 ed0 @0:5 b 0.0.0.0,68 -> 255.255.255.255,67 PR udp len 20 328 IN
Aug 2 12:57:54 tmd ipmon[35772]: 12:52:34.606148 3x ed0 @0:5 b 169.254.179.233,137 -> 169.254.255.255,137 PR udp len 20 96

and connection to 138. Each connection was followed by the following entries in the log:

Aug 2 13:33:39 tmd /kernel: Connection attempt to UDP 24.43.202.10:1931 from 24.2.9.35:53
Aug 2 13:33:39 tmd /kernel: Connection attempt to UDP 24.43.202.10:1934 from 24.2.9.33:53
Aug 2 13:33:39 tmd /kernel: Connection attempt to UDP 24.43.202.10:1940 from 24.2.9.33:53
Aug 2 13:33:52 tmd /kernel: Connection attempt to UDP 24.43.202.10:1939 from 24.2.9.35:53
Aug 2 13:33:52 tmd /kernel: Connection attempt to UDP 24.43.202.10:1942 from 24.2.9.33:53
Aug 2 13:33:52 tmd /kernel: Connection attempt to UDP 24.43.202.10:1941 from 24.2.9.35:53
Aug 2 13:34:06 tmd /kernel: Connection attempt to UDP 24.43.202.10:1943 from 24.2.9.35:53
Aug 2 13:34:09 tmd /kernel: Connection attempt to UDP 24.43.202.10:1944 from 24.2.9.33:53
Aug 2 13:34:39 tmd /kernel: Connection attempt to UDP 24.43.202.10:1945 from 24.2.9.35:53
Aug 2 13:34:52 tmd /kernel: Connection attempt to UDP 24.43.202.10:1950 from 24.2.9.33:53
Aug 2 13:35:00 tmd /kernel: Connection attempt to UDP 24.43.202.10:1952 from 24.2.9.33:53
Aug 2 13:35:00 tmd /kernel: Connection attempt to UDP 24.43.202.10:1951 from 24.2.9.35:53
Aug 2 13:35:09 tmd /kernel: Connection attempt to UDP 24.43.202.10:1954 from 24.2.9.33:53
Aug 2 13:35:39 tmd /kernel: Connection attempt to UDP 24.43.202.10:1953 from 24.2.9.35:53
Aug 2 13:35:39 tmd /kernel: Connection attempt to UDP 24.43.202.10:1955 from 24.2.9.35:53
Aug 2 13:35:39 tmd /kernel: Connection attempt to UDP 24.43.202.10:1956 from 24.2.9.33:53

and then repeated..

24.32.202.10 - my ip
24.2.9.33 - primary DNS of my ISP

does anyone have any idea what this is? please answer to e-mail if possible.. thanks!

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
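
Added example, not part of the original thread: a small triage script for the kernel "Connection attempt to ..." lines quoted above, which FreeBSD writes when log_in_vain is enabled and a packet arrives for a port with no listener. It groups the lines by source and separates UDP packets from source port 53 sent by a known resolver (consistent with DNS replies that could not be delivered) from port-53 traffic sent by hosts not on the resolver list. The function names, the labels and the last two sample lines are assumptions made for the example; the resolver list contains only the address the poster identified as the ISP's primary DNS.

```python
import re
from collections import Counter

# First three lines are copied from the message above; the last two are
# constructed for illustration (198.51.100.7 is a documentation address).
SAMPLE = """\
Aug 2 13:33:39 tmd /kernel: Connection attempt to UDP 24.43.202.10:1931 from 24.2.9.35:53
Aug 2 13:33:39 tmd /kernel: Connection attempt to UDP 24.43.202.10:1934 from 24.2.9.33:53
Aug 2 13:33:52 tmd /kernel: Connection attempt to UDP 24.43.202.10:1939 from 24.2.9.35:53
Aug 2 13:40:01 tmd /kernel: Connection attempt to UDP 24.43.202.10:137 from 198.51.100.7:1025
Aug 2 13:41:10 tmd /kernel: Connection attempt to TCP 24.43.202.10:23 from 198.51.100.7:4000
"""

LINE = re.compile(
    r"Connection attempt to (?P<proto>UDP|TCP) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) from (?P<src>[\d.]+):(?P<sport>\d+)"
)

def classify(proto, sport, dport):
    """Label one logged packet by its protocol and port pair."""
    if proto == "UDP" and sport == 53 and dport >= 1024:
        return "dns-reply-to-closed-port"
    if dport < 1024:
        return "closed-well-known-port"
    return "other"

def summarize(text, resolvers=()):
    """Count log lines per (label, source address).

    resolvers: addresses of the DNS servers this host is configured to use.
    Port-53 traffic from any other host gets its own label for review.
    """
    counts = Counter()
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a log_in_vain line
        label = classify(m["proto"], int(m["sport"]), int(m["dport"]))
        if label == "dns-reply-to-closed-port" and resolvers and m["src"] not in resolvers:
            label = "port-53-from-unknown-host"
        counts[(label, m["src"])] += 1
    return counts

if __name__ == "__main__":
    for (label, src), n in sorted(summarize(SAMPLE, {"24.2.9.33"}).items()):
        print(f"{n:3d}  {src:15s}  {label}")
```

Passing every resolver listed in /etc/resolv.conf as `resolvers` keeps a secondary DNS server from being reported as an unknown host.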