Mailinglist Archive: opensuse-security (555 mails)
| < Previous | Next > |
Re: [suse-security] weird request from port 53 to 2049
- From: Nix <suse@xxxxxxxxxxxxxxx>
- Date: Thu, 24 May 2001 18:09:29 +1000
- Message-id: <5.1.0.14.0.20010524180732.043931a0@xxxxxxxxxxxxxxxxxxxx>
This all points to the name server at you ISP being "owned"
by a hacker. Many, many hacker tools (including port scanners
like nmap) have the option to attack with a source port of 53.
I would ask your ISP to stop attacking you network and see what
they say :-)
Cheers
Nix
At 05:51 PM 24/05/2001, you wrote:
Viel Spaß
Nix - nix@xxxxxxxxxxxxxxxx
http://www.susesecurity.com
by a hacker. Many, many hacker tools (including port scanners
like nmap) have the option to attack with a source port of 53.
I would ask your ISP to stop attacking you network and see what
they say :-)
Cheers
Nix
At 05:51 PM 24/05/2001, you wrote:
* Jörg Schütter <joerg.schuetter@xxxxxx> [010524 10:42]:
>
> Is there a nfs-server running on 212.156.196.114 ? If a name-lookup is
> startet the source-port is a free one above 1024. If there is no
> nfs-server running on this computer averityhing seems to bee all right.
>
No there is no nfs server running on that pc on the other hand I have
checked my logs and found that 212.156.4.20 (nameserver of my ISP) had
made requests to port 137 which were also denied by IPCHAINS.
So if there is an err; is it on my side (ie firewall configuration )or at the ISP
side ?
--
Togan Muftuoglu
---------------------------------------------------------------------
To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
For additional commands, e-mail: suse-security-help@xxxxxxxx
Viel Spaß
Nix - nix@xxxxxxxxxxxxxxxx
http://www.susesecurity.com
| < Previous | Next > |