[dns-operations] udp/49153
Sidney Faber
sfaber at cert.org
Mon Dec 1 23:35:59 UTC 2008
Windows Vista and 2008 now use the IANA-recommended ephemeral port range of
49152 - 65535; earlier versions used 1024-5000 (see KB#929851,
http://support.microsoft.com/kb/929851/). From what I've observed, even
Microsoft ISA used the 1024-5k range by default. As windows resolvers are
upgraded, we should see the migration of most 1024+ traffic to 49152+.
This only applies to Microsoft machines not patched with MS08-037; once the
DNS source port randomization patch is applied, 49152 won't be preferred any
more than 65535. (see http://support.microsoft.com/kb/953230, "What is the
effective port range when the value of the MaxUserPort registry entry is set
explicitly?"
Mac OS X and others also use the 49152-65535 range, but I'd bet a majority
of what you're seeing is out-of-the-box Vista installs.
-----Original Message-----
From: dns-operations-bounces at mail.dns-oarc.net
[mailto:dns-operations-bounces at mail.dns-oarc.net] On Behalf Of Sam Norris
Sent: Monday, December 01, 2008 5:11 PM
To: dns-operations at mail.dns-oarc.net
Subject: [dns-operations] udp/49153
Just taking a quick poll about dns queries coming in on udp/49153. Does
anyone know what resolver is using this port, and why ?
Thx,
Sam
_______________________________________________
dns-operations mailing list
dns-operations at lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4732 bytes
Desc: not available
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20081201/6b12a4c1/attachment.bin>
More information about the dns-operations
mailing list