[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] possible port scan?
Hi all, I think it could be a portscan, using Port 53 as source port. This is sometimes done because filters in Routers recognize these Packets as simple DNS queries or answers and so the packet filters can be tricked out. Best regards Matthias "Reynolds, Tom" wrote: > UDP port 53 is DNS lookups. Someone is probably just looking for some > unadvertised DNS info :) > > Tom Reynolds, MCSE, CCNA > _________________________ > Pilgrim Baxter and Associates > Network Security and Engineering > 825 Duportail Rd. > Wayne, Pennsylvania 19087-5525 >> [email protected] > > -----Original Message----- > From: Langa Kentane [mailto:[email protected]] > Sent: Tuesday, January 09, 2001 7:34 AM > To: Firewall-1 Mailing List (E-mail) > Subject: [FW1] possible port scan? > > I noticed on my logs today that someone was trying to connect to our > firewall, the ports range from 34 to 37, in random order. The source > port is udp 53 on all of them. The packets are getting dropped on the > stealth rule. What could this be? > > __________________________________________________________ > Langa Kentane | TEL:> Security Administrator | Cell:> DISCOVERY HEALTH | http://www.discoveryhealth.co.za > __________________________________________________________________ > > ============================================================================ > ==== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================================ > ==== begin:vcard n:Leu;Dr. Matthias tel;cell:tel;fax:+49 8102 895 199 tel;work:+49 8102 895 190 x-mozilla-html:FALSE org:AERAsec Network Services and Security GmbH adr:;;Wagenberger Strasse 1;D-85662;Hohenbrunn;; version:2.1 email;internet:[email protected] fn:Dr. Matthias Leu end:vcard
|