strange traffic
Thomas Green
bind_list at hotmail.com
Wed Aug 2 02:25:37 UTC 2000
Hello all.
I was running snort the other day on my mahcine, and I came across some
strange log entries. Here are two exerpts.
if it is a bit difficult to read:
Some unknown to me DNS servers are trying to connect to my machine on port
33434 with UDP protocol. I am playing with my own DNS server, but it is on a
home machine, nothing special. Why would this traffic be happening?
And as a second question, what is UDP used for in DNS?
<snip>
08/01-22:05:11.381561 209.67.29.10:53 -> 151.202.106.63:33434 UDP TTL:1
TOS:0x0 ID:2708 Len: 44 ....................................
08/01-22:05:11.381693 151.202.106.63 -> 209.67.29.10 ICMP TTL:255 TOS:0xC0
ID:49560 DESTINATION UNREACHABLE: PORT UNREACHABLE
....E.. at .........C....j?.5...,.Z................................
....
</snip>
<snip>
08/01-22:04:57.479137 167.8.29.52:53 -> 151.202.106.63:33434 UDP TTL:2
TOS:0x0 ID:2715 Len: 44 ....................................
08/01-22:04:57.479250 151.202.106.63 -> 167.8.29.52 ICMP TTL:255 TOS:0xC0
ID:49559 DESTINATION UNREACHABLE: PORT UNREACHABLE
....E.. at ...........4..j?.5...,+d................................
....
</snip>
Thank You
Thomas
________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
More information about the bind-users
mailing list