[Dshield] DNS traffic?

Wilfred A. Smith wilfred at esprit-omnimedia.com
Tue Aug 26 15:20:11 GMT 2003


I'm having the same issue.  Port 53 probes with no accompanying port 80
or other traffic.  I'm hoping this is just various DNS servers updating
their caches.  However, sometimes I'll get multiple probes from the same
address block in less than a second, again with no port 80.

Please excuse me because I'm new to the list, but...

What's port 59537 supposed to be?  I'm getting hits on silly port
numbers like that.

Am I the only one seeing tons of hits on port 135 from remote port 666,
followed by a hit to 1026?

And what can be done about the bazillion port 135, 137, 139 and 445
hits?

I only recently started monitoring unsolicited traffic to my router and
I'm amazed at how much junk I'm seeing.  There seem to be coordinated
flurries.  Over a few seconds, I'll get all kinds of hits from different
addresses, but then it's completely silent for minutes.

I'm almost sorry I looked.  This is making me paranoid!

-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On
Behalf Of Bob Love
Sent: Monday, August 25, 2003 11:24 PM
To: General DShield Discussion List
Subject: [Dshield] DNS traffic?

I'm seeing a huge increase in DNS probes the last 24 hours, every few
hours I get a blast of UDP probes to port 53 from the same half a dozen
or so machines... is it just me? Is there some new Bind or MSDNS exploit
I haven't heard about?

Regards

Bob

_______________________________________________
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list





More information about the list mailing list