Re: DNS ports and scans

From: J C Lawrence (clawat_private)
Date: Sat May 05 2001 - 13:07:54 PDT


    On Sat, 5 May 2001 12:36:05 -0400
    Jason Lewis <jlewisat_private> wrote:
    
    > DNS queries are on UDP port 53.  TCP port 53 is used for zone
    > transfers.
    
    TCP port 53 is also used for DNS queries which exceed a single UDP
    packet in size (e.g. a host with a large round robin ring).
    
    > Since I have blocked TCP port 53, I have seen a decrease in attack
    > attempts on my name servers, primarily because that port isn't
    > open.  I do still see scans for the DNS ports, but nothing more
    > than a port scan.
    
    Not terribly surprising: Most scanners are pretty poor at
    registering UDP ports.
    
    --
    J C Lawrence                                       clawat_private
    ---------(*)                          http://www.kanga.nu/~claw/
    --=| A man is as sane as he is dangerous to his environment |=--
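
The truncation fallback mentioned in the reply above, as an added example that is not part of the original post: a simulated resolver receives a UDP reply with the TC bit set and must retry over TCP, which fails when TCP port 53 is filtered. The name `rr.example`, the addresses, and all function names are constructed for illustration; the 512-byte limit is the classic RFC 1035 UDP limit without EDNS0.

```python
import struct

UDP_LIMIT = 512   # classic DNS-over-UDP message limit (RFC 1035, no EDNS0)
TC = 0x0200       # "truncated" bit in the DNS header flags
# Constructed question: rr.example. IN A (hypothetical round-robin name)
QUESTION = b"\x02rr\x07example\x00" + struct.pack("!HH", 1, 1)

def build_response(txid, n_answers):
    """Build a constructed response carrying n_answers A records."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, n_answers, 0, 0)
    # Each record: pointer to the name at offset 12, TYPE A, CLASS IN,
    # TTL 60, RDLENGTH 4, then a documentation-range address 192.0.2.x
    answers = b"".join(
        struct.pack("!HHHIH4B", 0xC00C, 1, 1, 60, 4, 192, 0, 2, i + 1)
        for i in range(n_answers))
    return header + QUESTION + answers

def udp_reply(full):
    """Server side: send the message if it fits, else header+question with TC set."""
    if len(full) <= UDP_LIMIT:
        return full
    txid, flags, qd, _an, _ns, _ar = struct.unpack("!HHHHHH", full[:12])
    return struct.pack("!HHHHHH", txid, flags | TC, qd, 0, 0, 0) + QUESTION

def tcp_frame(msg):
    """DNS over TCP prefixes every message with a 2-byte length."""
    return struct.pack("!H", len(msg)) + msg

def resolve(full, tcp53_allowed):
    """Resolver side: try UDP first, retry over TCP only when TC is set."""
    reply = udp_reply(full)
    flags, ancount = struct.unpack("!HxxH", reply[2:8])
    if not flags & TC:
        return "udp", ancount
    if not tcp53_allowed:
        return "failed", 0          # truncated reply and the TCP retry is filtered
    framed = tcp_frame(full)
    (length,) = struct.unpack("!H", framed[:2])
    answer = framed[2:2 + length]
    return "tcp", struct.unpack("!H", answer[6:8])[0]

if __name__ == "__main__":
    for n in (4, 40):
        size = len(build_response(1, n))
        for allowed in (True, False):
            print(n, "records,", size, "bytes, tcp53_allowed =", allowed,
                  "->", resolve(build_response(1, n), allowed))
```
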
    



    This archive was generated by hypermail 2b30 : Sat May 05 2001 - 19:27:15 PDT