[Dshield] DNS traffic?

Tue Aug 26 15:20:11 GMT 2003

I'm having the same issue.  Port 53 probes with no accompanying port 80
or other traffic.  I'm hoping this is just various DNS servers updating
their caches.  However, sometimes I'll get multiple probes from the same
address block in less than a second, again with no port 80.

Please excuse me because I'm new to the list, but...

What's port 59537 supposed to be?  I'm getting hits on silly port
numbers like that.

Am I the only one seeing tons of hits on port 135 from remote port 666,
followed by a hit to 1026?

And what can be done about the bazillion port 135, 137, 139 and 445

I only recently started monitoring unsolicited traffic to my router and
I'm amazed at how much junk I'm seeing.  There seem to be coordinated
flurries.  Over a few seconds, I'll get all kinds of hits from different
addresses, but then it's completely silent for minutes.

I'm almost sorry I looked.  This is making me paranoid!

[Dshield] DNS traffic?

I'm seeing a huge increase in DNS probes the last 24 hours, every few
hours I get a blast of UDP probes to port 53 from the same half a dozen
or so machines... is it just me? Is there some new Bind or MSDNS exploit
I haven't heard about?



