[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] possible port scan?
The thing is that this is the source port. If the person were doing dns lookups, the dest port would be 53 not the source. Anyway, I think I might have figured out the problem. It's timed-out backward connections from the other dns server?? Since they no longer appear on the state table, the firewall drops the packets. Ciao -----Original Message----- From: Reynolds, Tom [mailto:[email protected]] Sent: 09 January 2001 16:13 To: 'Langa Kentane'; Firewall-1 Mailing List (E-mail) Subject: RE: [FW1] possible port scan? UDP port 53 is DNS lookups. Someone is probably just looking for some unadvertised DNS info :) Tom Reynolds, MCSE, CCNA _________________________ Pilgrim Baxter and Associates Network Security and Engineering 825 Duportail Rd. Wayne, Pennsylvania [email protected] -----Original Message----- From: Langa Kentane [mailto:[email protected]] Sent: Tuesday, January 09, 2001 7:34 AM To: Firewall-1 Mailing List (E-mail) Subject: [FW1] possible port scan? I noticed on my logs today that someone was trying to connect to our firewall, the ports range from 34 to 37, in random order. The source port is udp 53 on all of them. The packets are getting dropped on the stealth rule. What could this be? __________________________________________________________ Langa Kentane | TEL:Security Administrator | Cell:DISCOVERY HEALTH | http://www.discoveryhealth.co.za __________________________________________________________________ ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|