UDP scan from DNS server?

From: Michael Clark (mdcat_private)
Date: Tue May 29 2001 - 10:44:13 PDT

    Snort grabbed the following traces last night. The source is my ISP's DNS
    server. Any ideas?
    
    May 28 21:42:40 111.222.333.444:53 -> 192.168.1.1:61068 UDP
    May 28 21:42:43 111.222.333.444:53 -> 192.168.1.1:61069 UDP
    May 28 21:42:43 111.222.333.444:53 -> 192.168.1.1:61070 UDP
    May 28 21:42:43 111.222.333.444:53 -> 192.168.1.1:61071 UDP
    May 28 21:42:43 111.222.333.444:53 -> 192.168.1.1:61072 UDP
    May 28 21:42:44 111.222.333.444:53 -> 192.168.1.1:61073 UDP
    May 28 21:42:53 111.222.333.444:53 -> 192.168.1.1:61074 UDP
    May 28 21:48:32 111.222.333.444:53 -> 192.168.1.1:61074 UDP
    May 28 21:48:33 111.222.333.444:53 -> 192.168.1.1:61075 UDP
    May 28 21:48:33 111.222.333.444:53 -> 192.168.1.1:61076 UDP
    May 28 21:48:33 111.222.333.444:53 -> 192.168.1.1:61078 UDP
    May 28 21:48:33 111.222.333.444:53 -> 192.168.1.1:61079 UDP
    May 28 21:48:33 111.222.333.444:53 -> 192.168.1.1:61077 UDP
    May 28 21:48:33 111.222.333.444:53 -> 192.168.1.1:61081 UDP
    May 28 21:48:33 111.222.333.444:53 -> 192.168.1.1:61082 UDP
    May 28 21:48:34 111.222.333.444:53 -> 192.168.1.1:61083 UDP
    May 28 21:48:34 111.222.333.444:53 -> 192.168.1.1:61084 UDP
    May 28 21:48:34 111.222.333.444:53 -> 192.168.1.1:61085 UDP
    May 28 21:48:34 111.222.333.444:53 -> 192.168.1.1:61086 UDP
    May 28 21:48:35 111.222.333.444:53 -> 192.168.1.1:61080 UDP
    May 28 21:51:23 111.222.333.444:53 -> 192.168.1.1:61094 UDP
    May 28 21:51:24 111.222.333.444:53 -> 192.168.1.1:61095 UDP
    May 28 21:51:24 111.222.333.444:53 -> 192.168.1.1:61096 UDP
    May 28 21:51:24 111.222.333.444:53 -> 192.168.1.1:61097 UDP
    May 28 21:51:24 111.222.333.444:53 -> 192.168.1.1:61098 UDP
    May 28 21:55:44 111.222.333.444:53 -> 192.168.1.1:61107 UDP
    May 28 21:55:45 111.222.333.444:53 -> 192.168.1.1:61108 UDP
    May 28 21:55:46 111.222.333.444:53 -> 192.168.1.1:61109 UDP
    May 28 21:55:46 111.222.333.444:53 -> 192.168.1.1:61110 UDP
    May 28 21:55:47 111.222.333.444:53 -> 192.168.1.1:61111 UDP
    May 28 21:55:47 111.222.333.444:53 -> 192.168.1.1:61112 UDP
    May 28 21:56:02 111.222.333.444:53 -> 192.168.1.1:61113 UDP
    May 28 21:56:02 111.222.333.444:53 -> 192.168.1.1:61114 UDP
    May 28 21:56:05 111.222.333.444:53 -> 192.168.1.1:61115 UDP
    May 28 21:56:07 111.222.333.444:53 -> 192.168.1.1:61116 UDP
    May 28 21:56:18 111.222.333.444:53 -> 192.168.1.1:61117 UDP
    May 28 21:56:18 111.222.333.444:53 -> 192.168.1.1:61118 UDP
    May 28 21:57:06 111.222.333.444:53 -> 192.168.1.1:61118 UDP
    May 28 21:57:07 111.222.333.444:53 -> 192.168.1.1:61119 UDP
    May 28 21:57:07 111.222.333.444:53 -> 192.168.1.1:61120 UDP
    May 28 21:57:08 111.222.333.444:53 -> 192.168.1.1:61121 UDP
    May 28 21:57:09 111.222.333.444:53 -> 192.168.1.1:61122 UDP
    May 28 21:57:11 111.222.333.444:53 -> 192.168.1.1:61123 UDP
    May 28 23:16:51 111.222.333.444:53 -> 192.168.1.1:61139 UDP
    May 28 23:16:52 111.222.333.444:53 -> 192.168.1.1:61140 UDP
    May 28 23:16:52 111.222.333.444:53 -> 192.168.1.1:61141 UDP
    May 28 23:16:54 111.222.333.444:53 -> 192.168.1.1:61142 UDP
    May 28 23:16:54 111.222.333.444:53 -> 192.168.1.1:61143 UDP
    May 28 23:16:55 111.222.333.444:53 -> 192.168.1.1:61144 UDP
    May 28 23:16:56 111.222.333.444:53 -> 192.168.1.1:61145 UDP
    May 28 23:17:12 111.222.333.444:53 -> 192.168.1.1:61146 UDP
    May 28 23:17:15 111.222.333.444:53 -> 192.168.1.1:61147 UDP
    May 29 06:14:56 111.222.333.444:53 -> 192.168.1.1:61156 UDP
    May 29 06:14:56 111.222.333.444:53 -> 192.168.1.1:61157 UDP
    May 29 06:14:56 111.222.333.444:53 -> 192.168.1.1:61158 UDP
    May 29 06:14:57 111.222.333.444:53 -> 192.168.1.1:61159 UDP
    May 29 06:14:59 111.222.333.444:53 -> 192.168.1.1:61160 UDP
    May 29 06:14:59 111.222.333.444:53 -> 192.168.1.1:61161 UDP
    May 29 06:15:00 111.222.333.444:53 -> 192.168.1.1:61162 UDP
    May 29 06:15:02 111.222.333.444:53 -> 192.168.1.1:61163 UDP
    May 29 06:15:15 111.222.333.444:53 -> 192.168.1.1:61164 UDP
    May 29 06:15:19 111.222.333.444:53 -> 192.168.1.1:61165 UDP
    May 29 06:15:19 111.222.333.444:53 -> 192.168.1.1:61166 UDP
    
    Michael
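A triage check for traces like the ones above, added here as an example and not part of the original post: it groups log lines by source and destination and labels each pair from its port pattern. The sample lines, addresses, thresholds and the `classify` function are constructed for illustration, and the clustering test assumes the monitored host allocates its ephemeral ports sequentially.

```python
import re
from collections import defaultdict

# Constructed sample in the post's log format; addresses are placeholders.
SAMPLE = """\
May 28 21:42:40 10.0.0.53:53 -> 192.168.1.1:61068 UDP
May 28 21:42:43 10.0.0.53:53 -> 192.168.1.1:61069 UDP
May 28 21:42:43 10.0.0.53:53 -> 192.168.1.1:61070 UDP
May 28 21:42:44 10.0.0.53:53 -> 192.168.1.1:61073 UDP
May 28 21:48:32 10.0.0.53:53 -> 192.168.1.1:61074 UDP
May 28 22:01:10 10.0.0.99:40211 -> 192.168.1.1:7 UDP
May 28 22:01:10 10.0.0.99:40211 -> 192.168.1.1:69 UDP
May 28 22:01:10 10.0.0.99:40211 -> 192.168.1.1:111 UDP
May 28 22:01:11 10.0.0.99:40211 -> 192.168.1.1:137 UDP
May 28 22:01:11 10.0.0.99:40211 -> 192.168.1.1:161 UDP
"""

LINE = re.compile(r"^\w{3} +\d+ [\d:]{8} (\S+):(\d+) -> (\S+):(\d+) (\w+)$")

def classify(text, ephemeral_min=1024, window=4096, scan_ports=5):
    """Map each (src, dst) pair to a triage label based on its port pattern."""
    flows = defaultdict(list)
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            src, sport, dst, dport, proto = m.groups()
            flows[(src, dst)].append((int(sport), int(dport), proto))
    verdicts = {}
    for pair, pkts in flows.items():
        dports = [d for _, d, _ in pkts]
        # Replies from a resolver always leave UDP port 53 ...
        from_dns = all(s == 53 and p == "UDP" for s, _, p in pkts)
        # ... and return to the client's ephemeral ports, which cluster in a
        # narrow band when the client allocates them sequentially (assumption).
        clustered = min(dports) >= ephemeral_min and max(dports) - min(dports) <= window
        if from_dns and clustered:
            verdicts[pair] = "likely-dns-replies"
        elif len(set(dports)) >= scan_ports:
            verdicts[pair] = "possible-scan"
        else:
            verdicts[pair] = "unclear"
    return verdicts

if __name__ == "__main__":
    for (src, dst), verdict in classify(SAMPLE).items():
        print(f"{src} -> {dst}: {verdict}")
```

The "likely-dns-replies" label is a heuristic only; confirming it means matching each reply against a query the host itself sent from that port.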
    


