Many udp ports open in bind 9.5.1

Mark Andrews Mark_Andrews at isc.org
Sat Feb 14 08:26:45 UTC 2009


> Ok, it is not problem bind-9.5.1, but before upgrade I had bind9.5.0-
> P2 in which there was no established udp socket from foreign users.
> Otherwise, How can I take down this user (crackerjack.net) which is
> all the time established ?
> I put him in IP tables but it seems to be same state.
> Help!

	It is YOUR system connecting to crackerjack.net not the
	other way around.  You could mark the address as bogus in
	named.conf but that will make some lookups fail.

	If you are really worried find out which queries are being
	made to crackerjack.net using tcpdump.

		tcpdump -n -v host crackerjack.net and port 53

	Mark

> Elysabeth
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org



More information about the bind-users mailing list