From: fulldisc at sun.consumer.org.il (Shachar Shemesh)
Subject: Strange TCP/IP DNS traffic

Hi all,

A few days ago I started seeing outbound TCP connections on port 53, 
aimed at the .com NS servers. These were blocked by the firewall. I 
realize that this does not violate any RFC, but it's still unusual.

The outbound traffic is not generated by the local bind installation, 
which was asked to bind to port 53 for outbound traffic. Also, 
/etc/resolv.conf lists 127.0.0.1 as the nameserver, so as far as I 
understand such traffic should not be initiated by user programs.

Does anyone have any idea what that may be?

             Shachar

-- 
Shachar Shemesh
Lingnu Open Source Consulting
http://www.lingnu.com/

