Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] possible port scan?

To: "'Reynolds, Tom'" <[email protected]>
Subject: RE: [FW1] possible port scan?
From: Langa Kentane <[email protected]>
Date: Tue, 9 Jan 2001 16:47:20 +0200
Cc: "Firewall-1 Mailing List (E-mail)" <[email protected]>
Sender: [email protected]

The thing is that this is the source port.  If the person were doing dns
lookups, the dest port would be 53 not the source.

Anyway, I think I might have figured out the problem.  It's timed-out
backward connections from the other dns server??  Since they no longer
appear on the state table, the firewall drops the packets.

Ciao

-----Original Message-----
From: Reynolds, Tom [mailto:[email protected]]
Sent: 09 January 2001 16:13
To: 'Langa Kentane'; Firewall-1 Mailing List (E-mail)
Subject: RE: [FW1] possible port scan?


UDP port 53 is DNS lookups.  Someone is probably just looking for some
unadvertised DNS info :)

Tom Reynolds, MCSE, CCNA
_________________________
Pilgrim Baxter and Associates
Network Security and Engineering
825 Duportail Rd.
Wayne, Pennsylvania [email protected]


-----Original Message-----
From: Langa Kentane [mailto:[email protected]]
Sent: Tuesday, January 09, 2001 7:34 AM
To: Firewall-1 Mailing List (E-mail)
Subject: [FW1] possible port scan?



I noticed on my logs today that someone was trying to connect to our
firewall, the ports range from 34 to 37, in random order.  The source
port is udp 53 on all of them.  The packets are getting dropped on the
stealth rule.  What could this be?

__________________________________________________________
Langa Kentane		| TEL:Security Administrator	| Cell:DISCOVERY HEALTH		| http://www.discoveryhealth.co.za
__________________________________________________________________



============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: RE: [FW1] Monitoring with MRTG
Next by Date: RE: [FW1] problems setting up a NAT
Previous by thread: Re: [FW1] possible port scan?
Next by thread: [FW1] Date: Tue, 9 Jan 2001 13:59:39 +0100
Index(es):
- Date
- Thread