From owner-freebsd-questions  Fri Apr 19 18:13:26 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from smtp3.hushmail.com (smtp3.hushmail.com [64.40.111.33])
	by hub.freebsd.org (Postfix) with ESMTP id 11FC037B423
	for <freebsd-questions@freebsd.org>; Fri, 19 Apr 2002 18:13:22 -0700 (PDT)
Received: from mailserver2.hushmail.com (mailserver2.hushmail.com [64.40.111.21])
	by smtp3.hushmail.com (Postfix) with ESMTP id EF97CF048
	for <freebsd-questions@freebsd.org>; Fri, 19 Apr 2002 18:12:25 -0700 (PDT)
Received: (from nobody@localhost)
	by mailserver2.hushmail.com (8.11.6/8.11.3) id g3K1D9v54244;
	Fri, 19 Apr 2002 18:13:09 -0700 (PDT)
	(envelope-from ppauly@hushmail.com)
Message-Id: <200204200113.g3K1D9v54244@mailserver2.hushmail.com>
From: ppauly@hushmail.com
To: freebsd-questions@freebsd.org
Subject: Wierd "DNS" packet every second
Date: Fri, 19 Apr 2002 18:13:09 -0700
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG


There is a machine that is trying to send udp packets from its
port 53 to my port 0, every second, all day long. I
don't think it's an attack, it's probably something
misconfigured, or something I don't understand. 
The IP address if from Global Crossing (isn't that the
company that is having financial problems in the news?)
Below is the ipflog entry for a one of them, and
a tcpdump entry:

Apr 18 20:16:56 home1 ipmon[50]: 20:16:56.869014 de0 @0:5 b 208.48.241.98,53 \
 -> 198.77.156.17,0 PR udp len 20 64 IN

21.23.57.924607 208.48.241.98.domain > home1.networkmonitoring.org.0: 14010 \
 FormErr [0q] 0/0/0 (36)

Any suggestions on what this is? Why is it going to port 0?

Peter.

Hush provide the worlds most secure, easy to use online applications - which solution is right for you?
HushMail Secure Email http://www.hushmail.com/
HushDrive Secure Online Storage http://www.hushmail.com/hushdrive/
Hush Business - security for your Business http://www.hush.com/
Hush Enterprise - Secure Solutions for your Enterprise http://www.hush.com/

Looking for a good deal on a domain name? http://www.hush.com/partners/offers.cgi?id=domainpeople


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message