[Shorewall-users] What sort of traffic is this?
Wed, 2 Jan 2002 04:27:20 -0800
Hi guys, thought maybe someone would know this off the top of their heads...
What are seemingly legitimate hosts (this one resolves to AskJeeves) doing
trying to UDP to port 0? And always with a SPT of 53?
There aren't too many of these in the logs, so it doesn't seem like DNS, and
the connection list shows no connections to the related address.
And if it's a legitimate entry, why can't I find anything for port 0 in the
Jan 2 03:27:56 net2all:DROP:IN=eth0 OUT=eth1 SRC=22.214.171.124
DST=192.168.0.25 LEN=64 TOS=0x00 PREC=0x00 TTL=1 ID=32523 PROTO=UDP SPT=53
Someday I'll make a real sig
Tracking #: 2E94C06212BCC54EBAF57D6BA0F7FF1AE43A8EE3