[dns-operations] udp/49153
Ken A
ka at pacific.net
Tue Dec 2 01:06:10 UTC 2008
Sam Norris wrote:
>> On Mon, 1 Dec 2008, Sam Norris wrote:
>>
>>> Just taking a quick poll about dns queries coming in on udp/49153.
>>> Does anyone know what resolver is using this port, and why?
>>
>> Hi Sam,
>>
>> I assume you're saying that 49153 is the destination port for what
>> appears to be DNS messages hitting your authoritative nameservers,
>> right?
>>
>> If so, can you show us how it looks in tcpdump (or wireshark?)
>>
>> DW
>
> These are requests coming _to_ destination port 49153, not source ports.
> This is why they stuck out, they are querying the wrong port for DNS. I
> will put together some packet captures to share shortly. My guess is a
> broken NAT or proxy device somewhere. I was trying to determine the
> user agent so we could look into it more.
>
isc.sans.org says they might be SCADA related.
http://isc.sans.org/port.html?port=49153
Ken
> Sam
--
Ken Anderson
http://www.pacific.net/