UDP ports 15024 and 53

Printable View

October 8th, 2003, 05:56 AM
rib0flavin

UDP ports 15024 and 53

My firewall has logged about a hundred hits to 15024 and 53 starting around 2300 est, all from various hosts. What gives?
October 8th, 2003, 04:48 PM
Striek

I was able to find this. It looks like an exploit designed to take advantage of vulnerabilities in BIND, BSD, and GNU versions of the DNS resolver. Just make sure that these are not normal DNS queries.

I was unfortunately not able to find any references to port 15024.

My suggestion would be to update your OS with the latest patch available.
What OS are you running?
October 8th, 2003, 04:55 PM
Limpster

Just keep your firewall running
October 8th, 2003, 05:40 PM
GandalfTheGray

DShield (http://www.dshield.org) reports lots of hits on 15024 on 9/11/03, not too much since.
October 9th, 2003, 01:10 AM
rib0flavin

I'm running Mac OSX with strict ipfw rules and blackhole enabled. I didn't consider the traffic a threat, I was more interested in what it could be.
October 9th, 2003, 03:42 AM
heatwave

UDP port 53 is for DNS, as for the 15024, most likely its an attempt for a game connection, found out that some games uses that particular port....
October 9th, 2003, 03:59 AM
cdkj

Also you might want to check out This
October 9th, 2003, 08:49 AM
Galdron

Good advice

Quote:

Originally posted here by Limpster
Just keep your firewall running

This should be the end of the thread unless you are interested in those ports.

:p

BTW the guy has only just joined AO!!!!!!!!! Dont' neg him out yet!

Do not scare good or potentially good ppl. away!

Jezuz give the new members a chance!

Have a fu(*ing heart!

After all AO exixsts on ppl!
October 10th, 2003, 06:06 AM
rib0flavin

Re: Good advice

Quote:

Originally posted here by Galdron

This should be the end of the thread unless you are interested in those ports.

BTW the guy has only just joined AO!!!!!!!!! Dont' neg him out yet!

The responses here haven't been off-putting, they've been helpful. My hope was that someone would recognize the activity.
October 17th, 2003, 10:43 AM
rib0flavin

Re: UDP ports 15024 and 53

Quote:

Originally posted here by rib0flavin
My firewall has logged about a hundred hits to 15024 and 53 starting around 2300 est, all from various hosts. What gives?

Answered my own question:

Today I noticed another string of access attempts to (this time) udp port 11608 and 53. Then it occurred to me that I must be receiving packets meant for the previous owner of my dynamic IP. I confirmed in the firewall log that all the hits started after my modem had reconnected. ::hide-beh

All times are GMT +1. The time now is 01:32 PM.