Dear Linux-Users, I noticed that my name server is listening to a port that i have not expected (like port 80,25,21,110 etc..). udp 0 0 127.0.0.1:53 0.0.0.0:* 475/named udp 0 0 0.0.0:52810 0.0.0.0:* 31475/named udp 0 :::53 :::* 31475/named what is port 52810 ? yesterday is was another number like 46xxx... Am i hacked ? tia GL _______________________________________________________________________ 1.000.000 DM gewinnen - kostenlos tippen - http://millionenklick.web.de IhrName@web.de, 8MB Speicher, Verschluesselung - http://freemail.web.de
Dear Linux-Users,
I noticed that my name server is listening to a port that i have not expected (like port 80,25,21,110 etc..).
udp 0 0 127.0.0.1:53 0.0.0.0:* 475/named udp 0 0 0.0.0:52810 0.0.0.0:* 31475/named udp 0 :::53 :::* 31475/named
what is port 52810 ? yesterday is was another number like 46xxx...
Am i hacked ?
Negative. It looks like your bind8 has been restarted since yesterday. named binds to a port which will be the source port number for the queries it sends to other nameservers. This port can be configured in /etc/named.conf (like query-source address 213.68.230.226 port *;), but it isn't bound to a specific value by default. Each time you restart bind8, it will use another port. Use "tcpdump -nvv udp and port 53" to see these requests with the source port that you see with "netstat -anp".
tia GL
Thanks,
Roman.
--
- -
| Roman Drahtmüller
participants (2)
-
Gero Lindenblatt
-
Roman Drahtmueller