dns clients using non-ephemeral ports
Mark.Andrews at nominum.com
Mark.Andrews at nominum.com
Wed Jan 10 21:39:25 UTC 2001
There is nothing that says a client cannot use those ports.
That being said someone *may* be trying to establish a
forwarding loop.
The first two are listed in my /etc/services.
Mark
>
> My firewall is configured to allow dns requests from the outside
> world that use ephemeral source ports (1024-65535) and port 53.
> When I check my logs, I see packets that were rejected
> because they used source ports below 1024. Here
> are some examples:
>
> 195.153.131.2:665
> 203.229.169.225:744
> 212.62.4.189:904
>
> Are there resolvers or servers out there that normally do this or have
> I turned away a potential attack?
>
> Ed
>
>
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at nominum.com
More information about the bind-users
mailing list