-
July 22nd, 2006, 07:17 AM
#1
Junior Member
weird outbound traffic
I've detected a lot of outbound traffic from my DNS server to a single host (public IP) using UDP 46728 to 56732. Can you guys help me figure out what connection it is? This traffic started on 20 July 12:22pm, has continued until now, 22 July 2:10pm, and never stops.
-
July 22nd, 2006, 11:17 AM
#2
What is the destination port? Can you get a packet capture?
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
-
July 22nd, 2006, 11:48 AM
#3
I've detected a lot of outbound traffic from my DNS server to a single host (public IP) using UDP 46728 to 56732
With the very limited information you have provided, I can tell you what it's not.
1) It's not a DNS zone transfer.
2) It's not a recursive lookup.
Without a capture file as Tiger requested, we cannot tell you what this is, especially given the port range and the huge amount of info missing.
--TH13
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
July 22nd, 2006, 12:35 PM
#4
Just a thought, you do a whois on the host ip address?
“Everybody is ignorant, only on different subjects.” — Will Rogers
-
July 24th, 2006, 02:35 AM
#5
Junior Member
The picture shows a portion of the incidents. This is still happening now.
-
July 24th, 2006, 04:06 AM
#6
Edit: I mixed up destination and source. >.<
When death sleeps it dreams of you...
-
July 24th, 2006, 11:52 AM
#7
169.254.1.33 is a local ip address. You've probably got a loopback of some sort going on.
“Everybody is ignorant, only on different subjects.” — Will Rogers
-
July 24th, 2006, 02:21 PM
#8
Junior Member
Note that 169.254.1.33 is my DNS server. I hadn't seen this weird traffic before this (I reviewed my firewall logs every day).
-
July 25th, 2006, 10:45 AM
#9
/me hates incomplete firewall logs...
What are the source/destination ports of the blocked traffic?
Oliver's Law:
Experience is something you don't get until just after you need it.
-
July 25th, 2006, 03:24 PM
#10
Junior Member
Traffic to my DNS server.
Traffic from my DNS server.