Mailinglist Archive: opensuse-security (555 mails)
| < Previous | Next > |
AW: [suse-security] weird request from port 53 to 2049
- From: "Philipp Snizek" <mailinglists@xxxxxxxxx>
- Date: Thu, 24 May 2001 11:42:50 +0200
- Message-id: <000001c0e435$e63e3510$b400000a@xxxxxxxxxxxxxxx>
> Hi,
>
>
> can someone give me any reason why a nameserver would make a request
> to 2049 which is nfs
>
> Packet log: input DENY ppp0 PROTO=17 212.156.4.20:53
> 212.156.196.114:2049 L=137 S=0x00 I=5423 F=0x0000 T=27 (#39)
> Packet log: input DENY ppp0 PROTO=17 212.156.4.20:53
> 212.156.196.114:2049 L=137 S=0x00 I=5574 F=0x0000 T=27 (#39)
> Packet log: input DENY ppp0 PROTO=17 212.156.4.20:53
> 212.156.196.114:2049 L=137 S=0x00 I=5738 F=0x0000 T=27 (#39)
not a request. an answer.
You ---> isp's dns (ist-dnssrv.ttnet.tr)
1024: ---> 53 / udp
1024: <--- 53 / udp
only block 53/tcp.
open 1024:5000 for client requests and receiving answers. These are usually
the most used ports for communication from client to servers to client if
you use masquerading on your linux box. Since you've got a dial up "router"
you do use masquerading.
But if you like I can give you some real reasons for being afraid :-))
HTH
Philipp
| < Previous | Next > |