DNS fedora box showing P2P activity port 45179 to port 6346

Alexander Dalloz ad+lists at uni-x.org
Wed Jun 8 15:20:01 UTC 2005


Am Mi, den 08.06.2005 schrieb Jim Christiansen um 16:55:

> Hello,  My ISP provider has reported back to me that they have logged 
> suspicious traffic on my DNS box.  Here is a clip that shows what they have 
> recorded...
> 
> If I lock down all but udp 53 with iptables will my DNS still work??
> 
> What the heck is this?? Thanks for any ideas.. Jim
> 
> 2005-04-26/09:57:14 2005-04-26/09:57:59     142.26.181.85     6-tcp   45179  
>             24.150.56.151    6346              5           300  CANADA

Not clear to me where your DNS host is located and what else it does.
Can it be that you are running P2P in your net which uses the DNS host?
If not intended, then find the bad install. Maybe you are trojaned.

DNS uses both UDP and TCP port 53.

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.27_FC2smp 
Serendipity 17:13:30 up 15 days, 15:51, load average: 0.10, 0.10, 0.06 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20050608/1764c10d/attachment-0001.sig>


More information about the fedora-list mailing list