[ILUG] Port 53 exploit?
bredmond at electronics.dit.ie
Thu Feb 22 12:03:57 GMT 2001
I'm running a name server with versions of everything so old I'm too
embarrassed to admit them, even to good friends like yourselves.
I'm seeing port scans of other machines on our network coming
from port 53 on the name server. The name server shows nothing
out of the ordinary in any logs or other information. It doesn't look
like anyone has gained entry to the machine, just that they're
bouncing port scans through it. afaik, port 53 is usually used for
redirected dns resolution.
Now I know the solution to this is to upgrade everything to the
latest versions (and I will, honest), but I'd like to know what exploit
is being used here and if there's a simple way to see where they're
coming from. Does this look familiar to anyone?
More information about the ILUG