Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 26 Sep 2001 15:16:52 -0700
From:      Kelsey Cummings <kgc@sonic.net>
To:        Mikko Tyolajarvi <mikko@dynas.se>
Cc:        mackinnon.m@home.com, questions@FreeBSD.ORG
Subject:   Re: @home DNS server seems to be scanning my ports?
Message-ID:  <20010926151652.Y953@sonic.net>
In-Reply-To: <200109262112.f8QLCqu75754@explorer.rsa.com>; from mikko@dynas.se on Wed, Sep 26, 2001 at 02:12:52PM -0700
References:  <20010926184539.55B2737B40B@hub.freebsd.org> <5.0.2.1.0.20010926121341.00a5de40@netmail.home.com> <200109262112.f8QLCqu75754@explorer.rsa.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Wed, Sep 26, 2001 at 02:12:52PM -0700, Mikko Tyolajarvi wrote:
> In local.freebsd.questions you write:
> 
> >I keep getting these messages on my freebsd system:
> 
> >"Connection attempt to UDP <my IP>:X from 24.69.255.196:53
> 
> >where X is some port number. It's usually different. The latest ones were,
> >in series, ports 1034, 1036, 1037.
> 
> Looks like DNS replies to me - is 24.69.255.196 the DNS server of your
> ISP by any chance?  If whatever sent the query has given up and closed
> its socket, you'd see errors like these (if you are using a NAT
> gateway I guess there is some funky timeout in the NAT association
> tables as well - a late reply would cause an error like this too).
> 
> The reason for the ports appearing in sequence like this is that the
> clients sending the queries get assigned dynamic port numbers by the
> system, starting at 1024.
> 
> Nothing to worry about.

If only everyone saw it that way.  I work for an ISP with about 35k
subscribers and you have no idea how many complaints we get about
our DNS server 'portscanning'....

Ugh!  So many 'personal' firewalls are paranoid about this too.

-- 
Kelsey Cummings - kgc@sonic.net         sonic.net
System Administrator                    300 B Street, Ste 101
707.522.1000 (Voice)                    Santa Rosa, CA 95404
707.547.2199 (Fax)                      http://www.sonic.net/
Fingerprint = 7F 59 43 1B 44 8A 0D 57  91 08 73 73 7A 48 90 C5

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010926151652.Y953>