INCIDENTSat_private

From: Thorat_private
Date: Mon May 14 2001 - 12:05:45 PDT


    FWIW, IIS5.0/Exchange 2000 SMTP uses TCP 53 for DNS queries.
    AD
    
    
    
    > Jason Lewis wrote:
    > >
    > > DNS queries are on UDP port 53.  TCP port 53 is used for zone transfers.  By
    > > blocking TCP port 53 I can't do zone transfers, but clients can still do
    > > lookups on UDP 53.  Since I have blocked TCP port 53, I have seen a decrease
    > > in attack attempts on my name servers, primarily because that port isn't
    > > open.  I do still see scans for the DNS ports, but nothing more than a port
    > > scan.
    > >
    > > My question is...Can anyone come up with any pros/cons of doing this?
    > >
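
Added example, not part of either message above: a small Python check that decodes a captured TCP/53 payload (2-byte length prefix, then a standard DNS message) and reports whether it is a zone transfer request or an ordinary lookup, which is the distinction to measure before filtering the port. The function names and the sample queries for `example.com` are constructed for illustration.

```python
import struct

# QTYPE values that request a zone transfer (AXFR: RFC 1035, IXFR: RFC 1995)
ZONE_TRANSFER_QTYPES = {252: "AXFR", 251: "IXFR"}

def build_tcp_query(name, qtype, txid=0x1234):
    """Constructed sample input: one DNS query framed as it is sent over TCP."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    msg = header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN
    return struct.pack("!H", len(msg)) + msg  # TCP adds a 2-byte length prefix

def classify_tcp53(payload):
    """Return (qname, qtype, kind) for the first DNS query in a TCP/53 payload."""
    if len(payload) < 2:
        raise ValueError("payload shorter than the length prefix")
    (length,) = struct.unpack("!H", payload[:2])
    msg = payload[2:2 + length]
    if length < 12 or len(msg) < length:
        raise ValueError("truncated DNS message")
    _txid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if flags & 0x8000 or qdcount < 1:
        raise ValueError("not a query (QR bit set or no question)")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("question name runs past end of message")
        n = msg[pos]
        pos += 1
        if n == 0:
            break
        if n & 0xC0 or pos + n > len(msg):
            raise ValueError("malformed label in question name")
        labels.append(msg[pos:pos + n].decode("ascii", "replace"))
        pos += n
    if pos + 4 > len(msg):
        raise ValueError("missing QTYPE/QCLASS")
    qtype, _qclass = struct.unpack("!HH", msg[pos:pos + 4])
    kind = "zone-transfer" if qtype in ZONE_TRANSFER_QTYPES else "ordinary-query"
    return ".".join(labels), qtype, kind

if __name__ == "__main__":
    for qt in (252, 15):  # AXFR, then an MX lookup such as a mail server makes
        print(classify_tcp53(build_tcp_query("example.com", qt)))
```

Running it over a day of TCP/53 captures from the name server shows how much of that traffic is lookups rather than transfers, and therefore what a block would break.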
    



    This archive was generated by hypermail 2b30 : Mon May 14 2001 - 18:14:26 PDT