Mysterious DNS/53 traffic

Mr. James W. Laferriere babydr at baby-dragons.com
Mon Nov 6 21:05:09 UTC 2000



	Hello Ross ,  Paul dropped a note on the list a while back about
	a tool to use port 53 as a tcp forwarder .  Please see below my
	.sig .  It is just a possibility .  Hth ,  JimL

On Mon, 6 Nov 2000, Ross wrote:
> I monitor a NID (sniffer) for my company.  I see lots of large and small
> dns/53 traffic from non company sites to my company machines.  What is the
> reason of a non DNS server to communicate to my machines regardless of file
> size?  Shouldnt port 53 traffic be only communication between DNS server and
> clients?  Should I worry about a manipulated DNS port being used in bad
> ways?
> Thanks DNS Expert!!!
> Ross
       +----------------------------------------------------------------+
       | James   W.   Laferriere | System  Techniques | Give me VMS     |
       | Network        Engineer | 25416      22nd So |  Give me Linux  |
       | babydr at baby-dragons.com | DesMoines WA 98198 |   only  on  AXP |
       +----------------------------------------------------------------+
On Sun, 10 Sep 2000, Paul A Vixie wrote:
> 
> Date: Sun, 10 Sep 2000 20:21:48 -0700
> From: Paul A Vixie <vixie at mibh.net>
> To: bind-workers at isc.org
> Subject: FYI - IP tunnelling via DNS
> 
> http://slashdot.org/article.pl?sid=00/09/10/2230242&mode=nocomment
> 
> 




More information about the bind-users mailing list