Re: portscan

> Question. A routine inspection of my logs revealed the following:
> 
> May 29 08:57:40 my.router: DoS portscan 128.8.10.90,53 -> áÑ^[´à@0^Aá
> ,-25359-34222 PR udp len 20 135
> 
> "128.8.10.90" resolves to "d.root-servers.net" (which is ok, by itself, as I
> run DNS on this server too). But the question is, why would
> d.root-servers.net do a portscan??
> 
> Or is this some sort of false positive?

        Someone is bouncing queries off D with your address.

        Note these queries could be coming from yourself if you
        allow all UDP out and only some in.
 
        Mark

> I appreciate any comment,
> 
> - Mark
> 
> 
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews@xxxxxxx