Unexpected connetcion(TCP 53)

m.saitoh at lac.co.jp m.saitoh at lac.co.jp
Sun Oct 29 09:13:31 UTC 2000



Hi users:

 Bind 8.2.2-p5 is working on Solaris 2.6 which is userd as
DNS/WWW server.

 Now I found a strange phenomenon and want to make sure
whether it causes from Bind 8.2.2-p5. or not.

 The phenomenon is that IDS detected a packet tried to 
connect from my server to Unknown Name server, directly.

  src host : My Server ( DNS, WWW )
  src port : High port
  dst host : ne3.europe.yahoo.com  <-- "Unknown" server !
  dst port : 53 (tcp)

 I don't remember that I wrote "ne3...com" in my configuration.
No such IP addr. (ne3....com) were found in the
named.conf, /etc/named/*. or /etc/resolv.conf

I tryed to find which process executed this connection using 
command like netstat, but I couldn't find it out.

I haven't seen this phenomenon more than once, but
I'm afraid something wrong happened on my server ....

*  Anyone have seen such a phenomenon ?
-------------------------------------
LAC Co., LTD.
Matsuhiko Sroupaito




More information about the bind-users mailing list