[Dshield] Abundant Port 53 scans

Ryan J Betz ryanb at maumeepattern.com
Mon Jul 9 14:13:40 GMT 2001


I get this in my logs about once a day (xxx.xxx.xxx.xxx is my IP address):

Jul  9 09:53:13 gateway kernel: Packet log: input DENY eth0 PROTO=6 202.139.133.129:54491 xxx.xxx.xxx.xxx:53 L=44 S=0x00 I=0 F=0x0000 T=241 (#29)
Jul  9 09:53:13 gateway kernel: Packet log: input DENY eth0 PROTO=6 216.35.167.58:57060 xxx.xxx.xxx.xxx:53 L=44 S=0x00 I=0 F=0x0000 T=243 (#29)
Jul  9 09:53:13 gateway kernel: Packet log: input DENY eth0 PROTO=6 209.249.97.40:40817 xxx.xxx.xxx.xxx:53 L=44 S=0x00 I=0 F=0x0000 T=243 (#29)
Jul  9 09:53:13 gateway kernel: Packet log: input DENY eth0 PROTO=6 64.37.200.46:64732 xxx.xxx.xxx.xxx:53 L=44 S=0x00 I=0 F=0x0000 T=245 (#29)
Jul  9 09:53:13 gateway kernel: Packet log: input DENY eth0 PROTO=6 216.33.35.214:37856 xxx.xxx.xxx.xxx:53 L=44 S=0x00 I=0 F=0x0000 T=244 (#29)
Jul  9 09:53:13 gateway kernel: Packet log: input DENY eth0 PROTO=6 64.78.235.14:64258 xxx.xxx.xxx.xxx:53 L=44 S=0x00 I=0 F=0x0000 T=245 (#29)

It goes on for about 300 IP addresses.  This isn't my DNS server; it's a
web/mail server.  Should this be happening?  I don't really know why this is
going on.

Thanks,
Ryan
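
An added example, not part of the original post: a parser for the ipchains packet-log format quoted above that rejoins records wrapped by a mail client and reports which (second, protocol, destination port) combinations were hit by several distinct sources. The sample records are constructed with documentation addresses, and the names `unwrap`, `parse` and `fan_in` are chosen here.

```python
import re
from collections import defaultdict

# ipchains -l record: chain, action, interface, IP protocol number (6 = TCP, 17 = UDP),
# src ip:port, dst ip:port, then L=length S=TOS I=IP id F=fragment T=TTL (#rule number).
RECORD = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: Packet log: "
    r"(?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\w.]+):(?P<sport>\d+) (?P<dst>[\w.]+):(?P<dport>\d+) "
    r"L=(?P<len>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<id>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+) \(#(?P<rule>\d+)\)$"
)
STARTS_RECORD = re.compile(r"^\w{3}\s+\d+ \d\d:\d\d:\d\d ")

# Constructed sample (not real traffic), wrapped the way the post's log lines are.
SAMPLE = """\
Jul  9 09:53:13 gateway kernel: Packet log: input DENY eth0 PROTO=6
192.0.2.10:54491 xxx.xxx.xxx.xxx:53 L=44 S=0x00 I=0 F=0x0000 T=241
(#29)
Jul  9 09:53:13 gateway kernel: Packet log: input DENY eth0 PROTO=6
198.51.100.7:57060 xxx.xxx.xxx.xxx:53 L=44 S=0x00 I=0 F=0x0000 T=243 (#29)
Jul  9 09:53:13 gateway kernel: Packet log: input DENY eth0 PROTO=6
203.0.113.5:40817 xxx.xxx.xxx.xxx:53 L=44 S=0x00 I=0 F=0x0000 T=243 (#29)
Jul  9 09:54:02 gateway kernel: Packet log: input DENY eth0 PROTO=17
192.0.2.99:1025 xxx.xxx.xxx.xxx:137 L=78 S=0x00 I=4112 F=0x0000 T=113 (#29)
"""

def unwrap(text):
    """Rejoin records whose tail was wrapped onto continuation lines."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if STARTS_RECORD.match(line) or not records:
            records.append(line)          # a syslog timestamp starts a new record
        else:
            records[-1] += " " + line     # anything else continues the previous one
    return records

def parse(text):
    return [m.groupdict() for m in map(RECORD.match, unwrap(text)) if m]

def fan_in(events, min_sources=3):
    """Sources per (timestamp, protocol, dst port); keep groups with many sources."""
    groups = defaultdict(set)
    for e in events:
        groups[(e["ts"], int(e["proto"]), int(e["dport"]))].add(e["src"])
    return {k: sorted(v) for k, v in groups.items() if len(v) >= min_sources}

if __name__ == "__main__":
    for key, sources in fan_in(parse(SAMPLE)).items():
        print(key, len(sources), "distinct sources")
```
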



