Mailinglist Archive: opensuse-security (555 mails)
| < Previous | Next > |
Re: [suse-security] weird request from port 53 to 2049
- From: Sebastian Krahmer <krahmer@xxxxxxx>
- Date: Fri, 25 May 2001 12:27:25 +0200 (CEST)
- Message-id: <Pine.LNX.4.30.0105251226240.30990-100000@xxxxxxxxxxxxxxx>
On Thu, 24 May 2001, Togan Muftuoglu wrote:
>
> Hi,
>
>
> can someone give me any reason why a nameserver would make a request
> to 2049 which is nfs
>
>
>
>
> Packet log: input DENY ppp0 PROTO=17 212.156.4.20:53 212.156.196.114:2049 L=137 S=0x00 I=5423 F=0x0000 T=27 (#39)
> Packet log: input DENY ppp0 PROTO=17 212.156.4.20:53 212.156.196.114:2049 L=137 S=0x00 I=5574 F=0x0000 T=27 (#39)
> Packet log: input DENY ppp0 PROTO=17 212.156.4.20:53 212.156.196.114:2049 L=137 S=0x00 I=5738 F=0x0000 T=27 (#39)
>
>
>
Yes, someone tries to fool your firewall by making it think its DNS,
but indeed its a try to mount world exportable directories via NFS.
Sebastian
--
~
~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer@xxxxxxx - SuSE Security Team
~
>
> Hi,
>
>
> can someone give me any reason why a nameserver would make a request
> to 2049 which is nfs
>
>
>
>
> Packet log: input DENY ppp0 PROTO=17 212.156.4.20:53 212.156.196.114:2049 L=137 S=0x00 I=5423 F=0x0000 T=27 (#39)
> Packet log: input DENY ppp0 PROTO=17 212.156.4.20:53 212.156.196.114:2049 L=137 S=0x00 I=5574 F=0x0000 T=27 (#39)
> Packet log: input DENY ppp0 PROTO=17 212.156.4.20:53 212.156.196.114:2049 L=137 S=0x00 I=5738 F=0x0000 T=27 (#39)
>
>
>
Yes, someone tries to fool your firewall by making it think its DNS,
but indeed its a try to mount world exportable directories via NFS.
Sebastian
--
~
~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer@xxxxxxx - SuSE Security Team
~
| < Previous | Next > |