Mailinglist Archive: opensuse-security (636 mails)

Re: AW: [suse-security] dns hijack attack
  • From: Roman Drahtmueller <draht@xxxxxxx>
  • Date: Mon, 5 Feb 2001 23:44:30 +0100 (MET)
  • Message-id: <Pine.LNX.4.30.0102052338350.26556-100000@xxxxxxxxxxxx>
> Hi list-users
>
> Please forget about my request here above. It's bogus.
> What kind of traffic is this?
>
> Feb 3 18:47:14 bridge kernel: Packet log: b1 DENY eth1 PROTO=17
> 212.114.64.130:624 212.232.168.190:53 L=55 S=0x00 I=11152 F=0x0000 T=45

protocol (/etc/protocols) 17 is UDP.
Length=55 bytes
TTL=45 (from probably 64)
Source port is 625
Destination port is 53.

Now I just wonder why you filter these packets. Those appear to be regular
DNS queries, destined for 212.232.168.181 (your address? PS14613-RIPE).

> Feb 3 18:47:15 bridge kernel: Packet log: b1 DENY eth1 PROTO=17
> 212.114.64.130:625 212.232.168.181:53 L=55 S=0x00 I=11168 F=0x0000 T=45
[snip]

Roman.
--
- -
| Roman Drahtmüller <draht@xxxxxxx> // "Caution: Cape does |
SuSE GmbH - Security Phone: // not enable user to fly."
| Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) |
- -
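
As an added example (not part of the original mail), a Python parser for ipchains `Packet log:` lines such as the two quoted above, decoding the same fields the reply reads off by hand. The protocol table, the list of common initial TTLs and the 28-byte IPv4+UDP header size are assumptions of the example.

```python
import re

# ipchains (Linux 2.2) log layout: chain, action, interface, PROTO, source,
# destination, L=IP total length, S=TOS, I=IP id, F=fragment field, T=TTL.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9a-fA-F]+) I=(?P<ip_id>\d+) "
    r"F=(?P<frag>0x[0-9a-fA-F]+) T=(?P<ttl>\d+)"
)
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}  # subset of /etc/protocols
COMMON_INITIAL_TTLS = (32, 64, 128, 255)         # assumption: typical OS defaults

# The two log lines quoted in the mail, each re-joined onto a single line.
SAMPLE = [
    "Feb 3 18:47:14 bridge kernel: Packet log: b1 DENY eth1 PROTO=17 "
    "212.114.64.130:624 212.232.168.190:53 L=55 S=0x00 I=11152 F=0x0000 T=45",
    "Feb 3 18:47:15 bridge kernel: Packet log: b1 DENY eth1 PROTO=17 "
    "212.114.64.130:625 212.232.168.181:53 L=55 S=0x00 I=11168 F=0x0000 T=45",
]

def parse_line(line):
    """Decode one ipchains log line into a dict; return None if it does not match."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "length", "ip_id", "ttl"):
        rec[key] = int(rec[key])
    rec["tos"] = int(rec["tos"], 16)
    rec["frag"] = int(rec["frag"], 16)
    rec["proto_name"] = PROTO_NAMES.get(rec["proto"], str(rec["proto"]))
    # Smallest common initial TTL >= the observed one ("from probably 64").
    start = next((t for t in COMMON_INITIAL_TTLS if t >= rec["ttl"]), None)
    rec["initial_ttl_guess"] = start
    rec["hops_guess"] = None if start is None else start - rec["ttl"]
    # Assumption: 20-byte IPv4 header without options plus 8-byte UDP header.
    rec["udp_payload"] = rec["length"] - 28 if rec["proto"] == 17 else None
    rec["to_dns_port"] = rec["proto"] in (6, 17) and rec["dport"] == 53
    return rec

if __name__ == "__main__":
    for entry in SAMPLE:
        r = parse_line(entry)
        print(r["action"], r["proto_name"], f'{r["src"]}:{r["sport"]}', "->",
              f'{r["dst"]}:{r["dport"]}', "ttl", r["ttl"], "hops~", r["hops_guess"])
```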

