dns clients using non-ephemeral ports

Mark.Andrews at nominum.com
Wed Jan 10 21:39:25 UTC 2001


	There is nothing that says a client cannot use those ports.
	That being said someone *may* be trying to establish a
	forwarding loop.

	The first two are listed in my /etc/services.

	Mark
> 
> My firewall is configured to allow dns requests from the outside
> world that use ephemeral source ports (1024-65535) and port 53.
> When I check my logs, I see packets that were rejected
> because they used source ports below 1024. Here
> are some examples:
> 
> 195.153.131.2:665
> 203.229.169.225:744
> 212.62.4.189:904
> 
> Are there resolvers or servers out there that normally do this or have
> I turned away a potential attack?
> 
> Ed
> 
> 
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at nominum.com
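
An added example, not part of the original thread: a small triage script that applies the firewall policy described in the question (source port 53 or 1024-65535) to a list of source endpoints, groups the rejects by source port, and looks each port up in the local services database, as the reply does with /etc/services. The function names are hypothetical, and the 192.0.2.x entries are constructed sample data.

```python
import socket
from collections import Counter

# Entries quoted in the post, plus constructed ones (192.0.2.0/24 is a
# documentation range) so that both outcomes of the policy appear.
SAMPLE = [
    "195.153.131.2:665", "203.229.169.225:744", "212.62.4.189:904",
    "192.0.2.10:53", "192.0.2.11:33412", "192.0.2.12:665",
]

def allowed_by_policy(src_port):
    """The poster's rule: source port 53 or 1024-65535."""
    return src_port == 53 or 1024 <= src_port <= 65535

def parse_endpoint(text):
    """Split 'a.b.c.d:port' into (host, port); ValueError if malformed."""
    host, sep, port = text.strip().rpartition(":")
    if not sep or not host or not port.isdigit() or int(port) > 65535:
        raise ValueError(f"bad endpoint: {text!r}")
    return host, int(port)

def service_name(port, proto="udp"):
    """Name in the local services database (e.g. /etc/services), if any."""
    try:
        return socket.getservbyport(port, proto)
    except OSError:
        return None

def triage(endpoints):
    """Return (rejected endpoints, Counter of rejected source ports)."""
    rejected, by_port = [], Counter()
    for entry in endpoints:
        host, port = parse_endpoint(entry)
        if not allowed_by_policy(port):
            rejected.append((host, port))
            by_port[port] += 1
    return rejected, by_port

if __name__ == "__main__":
    rejected, by_port = triage(SAMPLE)
    for port, hits in sorted(by_port.items()):
        hosts = sorted(h for h, p in rejected if p == port)
        name = service_name(port) or "unlisted"
        print(f"src port {port} ({name}): {hits} packet(s) from {hosts}")
```

The service name printed depends on the services database of the machine running the script, so it can differ between hosts.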



More information about the bind-users mailing list