
Re: portscan: msg#00645

network.dns.bind.user

Subject: Re: portscan

----- Original Message -----
From: <Mark.Andrews@xxxxxxx>
To: "Mark" <admin@xxxxxxxxxxxxxxxx>
Cc: <comp-protocols-dns-bind@xxxxxxx>
Sent: Thursday, May 29, 2003 10:08 AM
Subject: Re: portscan


> > Question. A routine inspection of my logs revealed the following:
> >
> > May 29 08:57:40 my.router: DoS portscan 128.8.10.90,53 ->
> >áÑ^[´à@0^Aá
> > ,-25359-34222 PR udp len 20 135
> >
> > "128.8.10.90" resolves to "d.root-servers.net" (which is ok, by
> > itself, as I
> > run DNS on this server too). But the question is, why would
> > d.root-servers.net do a portscan??
> >
> > Or is this some sort of false positive?
>
> Someone is bouncing queries off D with your address.
>
> Note these queries could be coming from yourself if you
> allow all UDP out and only some in.


Yes, I think that was it. :) I had unlimited out, and limited in. Thanks for
the advice; I will make the according changes.

- Mark
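Added example, not part of the original thread: a small Python triage that separates the two cases named in the reply above. It checks each blocked inbound UDP packet from port 53 against the queries the host itself sent, which is the state a filter with "unlimited out, limited in" does not keep. The `Packet` record, the 5-second window, the address 192.0.2.10 and the port numbers are assumptions constructed for illustration; only 128.8.10.90 comes from the log.

```python
from dataclasses import dataclass

REPLY_WINDOW = 5.0  # assumed: seconds a resolver waits for an answer


@dataclass(frozen=True)
class Packet:
    ts: float   # seconds since start of capture
    src: str
    sport: int
    dst: str
    dport: int


def classify_inbound(outbound, inbound, window=REPLY_WINDOW):
    """Label each blocked inbound UDP packet that came from port 53.

    'reply-to-own-query': reversed 4-tuple of a query this host sent at most
    `window` seconds earlier, so the filter dropped a legitimate answer.
    'unsolicited': no such query left this host in time; the query was sent
    by someone else with our address as source, or the packet is stray/late.
    """
    # Index our own queries by the 4-tuple a genuine reply would carry.
    sent = {}
    for q in outbound:
        if q.dport == 53:
            sent.setdefault((q.dst, 53, q.src, q.sport), []).append(q.ts)
    labels = []
    for p in inbound:
        times = sent.get((p.src, p.sport, p.dst, p.dport), [])
        matched = any(0 <= p.ts - t <= window for t in times)
        labels.append("reply-to-own-query" if matched else "unsolicited")
    return labels


# Constructed sample traffic; 192.0.2.10 stands in for the local DNS server.
ME, D_ROOT = "192.0.2.10", "128.8.10.90"
OUTBOUND = [Packet(10.0, ME, 40001, D_ROOT, 53)]
INBOUND = [
    Packet(10.1, D_ROOT, 53, ME, 40001),  # answer to the query above
    Packet(12.0, D_ROOT, 53, ME, 40002),  # no query of ours used this port
    Packet(60.0, D_ROOT, 53, ME, 40001),  # right ports, outside the window
]

if __name__ == "__main__":
    for pkt, label in zip(INBOUND, classify_inbound(OUTBOUND, INBOUND)):
        print(f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}  {label}")
```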




