[gentoo-user] DOS SPT=53 DPT=53.

Tue, 11 Nov 2003 23:04:42 -0800 

I have an intermitten problem, and I'm not sure if I have something
misconfigured, or if someone or program is performing a dos on my
address.

I run named internally on my LAN.  For the most part this appears to
be working correctly then every now and then I can't browse the web,
but other (irc) connections seem fine.  In looking at my logs I see
incomming new packets, from source port 53 going to port 53.  The
seems to prevent my named server from looking up addresses. The address from
where it comes is different, but the hardware address appears to be
the same.

Any insight would bew greatly appreciated. The following is a sample
of the logs. I can provide more if necessary. 

64.125.133.202 DST=192.168.1.4 LEN=48 TOS=0x00 PREC=0x00 TTL=50 ID=35765 DF PROTO=TCP 
SPT=65326 DPT=25 WINDOW=24820 RES=0x00 SYN URGP=0
Nov 11 23:29:36 www INPUT(EST) IN=eth0 OUT= 
MAC=00:b0:d0:20:36:90:00:a0:c5:55:8f:ba:08:00 SRC=64.125.133.202 DST=192.168.1.4 
LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=35766 DF PROTO=TCP SPT=65326 DPT=25 WINDOW=25200 
RES=0x00 ACK URGP=0
Nov 11 23:29:37 www INPUT(NEW) IN=eth0 OUT= 
MAC=00:b0:d0:20:36:90:00:a0:c5:55:8f:ba:08:00 SRC=192.5.5.241 DST=192.168.1.4 LEN=223 
TOS=0x00 PREC=0x00 TTL=55 ID=0 DF PROTO=UDP SPT=53 DPT=53 LEN=203
Nov 11 23:29:41 www INPUT(NEW) IN=eth0 OUT= 
MAC=00:b0:d0:20:36:90:00:a0:c5:55:8f:ba:08:00 SRC=128.9.0.107 DST=192.168.1.4 LEN=223 
TOS=0x00 PREC=0x00 TTL=46 ID=0 DF PROTO=UDP SPT=53 DPT=53 LEN=203
Nov 11 23:29:45 www INPUT(NEW) IN=eth0 OUT= 
MAC=00:b0:d0:20:36:90:00:a0:c5:55:8f:ba:08:00 SRC=128.8.10.90 DST=192.168.1.4 LEN=223 
TOS=0x00 PREC=0x00 TTL=49 ID=21860 PROTO=UDP SPT=53 DPT=53 LEN=203
Nov 11 23:29:49 www INPUT(NEW) IN=eth0 OUT= 
MAC=00:b0:d0:20:36:90:00:a0:c5:55:8f:ba:08:00 SRC=192.203.230.10 DST=192.168.1.4 
LEN=223 TOS=0x00 PREC=0x00 TTL=53 ID=25536 PROTO=UDP SPT=53 DPT=53 LEN=203
Nov 11 23:29:53 www INPUT(NEW) IN=eth0 OUT= 
MAC=00:b0:d0:20:36:90:00:a0:c5:55:8f:ba:08:00 SRC=192.58.128.30 DST=192.168.1.4 
LEN=470 TOS=0x00 PREC=0x00 TTL=53 ID=0 DF PROTO=UDP SPT=53 DPT=53 LEN=450
Nov 11 23:29:57 www INPUT(NEW) IN=eth0 OUT= 
MAC=00:b0:d0:20:36:90:00:a0:c5:55:8f:ba:08:00 SRC=198.32.64.12 DST=192.168.1.4 LEN=223 
TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=UDP SPT=53 DPT=53 LEN=203



Thanks,

Mojo


--
[EMAIL PROTECTED] mailing list

Reply via email to