>>> somogyi lorand <[EMAIL PROTECTED]> 19.09.01 15:03:58 >>>
>Hi,
>I'm wondering if this is normal behaviour.
>My primary DNS is on x.x.x.x, and my ip is
>y.y.y.y. Snort portscan.log extr.:
>
>------------------------------------------------
>Sep 19 10:41:05 x.x.x.x:53 -> y.y.y.y:32783 UDP
>Sep 19 10:41:05 x.x.x.x:53 -> y.y.y.y:32784 UDP
>Sep 19 10:41:05 x.x.x.x:53 -> y.y.y.y:32785 UDP
>Sep 19 10:41:05 x.x.x.x:53 -> y.y.y.y:32786 UDP
>Sep 19 10:41:05 x.x.x.x:53 -> y.y.y.y:32787 UDP
>Sep 19 10:41:05 x.x.x.x:53 -> y.y.y.y:32788 UDP
>Sep 19 10:41:05 x.x.x.x:53 -> y.y.y.y:32789 UDP
>Sep 19 10:41:05 x.x.x.x:53 -> y.y.y.y:32790 UDP
>and so on...
>------------------------------------------------
>
>So, if I'm rigth someone scans my machine from the
>primary DNS machine, using port 53 as their source
>port. Or is this a normal DNS behavior?
>
>Greatings,
>L.
looks like normal DNS replies to me
Mit freundlichen Grüßen / Kind Regards
Milan Goellner
Network Technician
----------------------------------------------------------------
Compu-Shack Electronic GmbH
Ringstrasse 56-58
56564 Neuwied
Germany
Telefon +49/(0) 26 31-9 83-962
Email [EMAIL PROTECTED]
http://www.compu-shack.com
