Strange traffic from ISP dns server
Hi!
I'm running snort on my firewall and it keeps catching connections from
one of my ISP's DNS servers. I'm quite sure this traffic is legit, but it
has been bugging me for a while what it's there for. Since it's coming from
port 53 I'm guessing that it has something to do with DNS. My ISP assigns
a hostname (e.g. h106n2fls32o852.telia.com) to my machine when I lease
an IP address; could this just be that they are checking if my IP address
matches the IP address assigned to the hostname in their records?
Jan 10 19:46:04 mars snort: ShockRave: 10.0.0.1:53 -> <my-ip>:1981
Jan 10 20:03:12 mars snort: Back Door: 10.0.0.1:53 -> <my-ip>:1999
Jan 10 20:03:13 mars snort: Trojan Cow: 10.0.0.1:53 -> <my-ip>:2001
Jan 10 20:03:23 mars snort: Ripper Pro: 10.0.0.1:53 -> <my-ip>:2023
Jan 10 20:16:24 mars snort: Bugs: 10.0.0.1:53 -> <my-ip>:2115
Jan 11 02:06:58 mars snort: Striker: 10.0.0.1:53 -> <my-ip>:2565
Jan 11 15:56:25 mars snort: Phineas Phucker: 10.0.0.1:53 -> <my-ip>:2801
Jan 11 18:04:35 mars snort: Rat backdoor: 10.0.0.1:53 -> <my-ip>:2989
Jan 11 18:09:27 mars snort: WinCrash: 10.0.0.1:53 -> <my-ip>:3024
Jan 12 19:33:17 mars snort: Deep Throat/Invasor: 10.0.0.1:53 -> <my-ip>:3150
Any ideas on what this traffic is all about would be appreciated...
// Peter
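
One way to test the guess in the post, as an added example that is not part of the original message: parse the alert lines and report, per source endpoint, how many different rules fired and whether the destination ports only ever climb over time. The function names and the placeholder year are assumptions made for this example; the alert lines are the ones posted above.

```python
import re
from datetime import datetime

# Alert lines copied from the post above, addresses as posted.
ALERTS = """\
Jan 10 19:46:04 mars snort: ShockRave: 10.0.0.1:53 -> <my-ip>:1981
Jan 10 20:03:12 mars snort: Back Door: 10.0.0.1:53 -> <my-ip>:1999
Jan 10 20:03:13 mars snort: Trojan Cow: 10.0.0.1:53 -> <my-ip>:2001
Jan 10 20:03:23 mars snort: Ripper Pro: 10.0.0.1:53 -> <my-ip>:2023
Jan 10 20:16:24 mars snort: Bugs: 10.0.0.1:53 -> <my-ip>:2115
Jan 11 02:06:58 mars snort: Striker: 10.0.0.1:53 -> <my-ip>:2565
Jan 11 15:56:25 mars snort: Phineas Phucker: 10.0.0.1:53 -> <my-ip>:2801
Jan 11 18:04:35 mars snort: Rat backdoor: 10.0.0.1:53 -> <my-ip>:2989
Jan 11 18:09:27 mars snort: WinCrash: 10.0.0.1:53 -> <my-ip>:3024
Jan 12 19:33:17 mars snort: Deep Throat/Invasor: 10.0.0.1:53 -> <my-ip>:3150
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ snort: (?P<rule>.+): "
    r"(?P<src>\S+):(?P<sport>\d+) -> \S+:(?P<dport>\d+)$")

def parse_alerts(text, year=2000):
    """Return time-sorted (time, rule, src, sport, dport) tuples."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # skip lines that are not alerts in this format
            # syslog omits the year; `year` is a placeholder used only for ordering
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            rows.append((ts, m["rule"], m["src"], int(m["sport"]), int(m["dport"])))
    return sorted(rows)

def summarize(rows):
    """Group time-sorted alerts by source endpoint and describe the ports hit."""
    groups = {}
    for _ts, rule, src, sport, dport in rows:
        groups.setdefault((src, sport), []).append((rule, dport))
    out = {}
    for key, hits in groups.items():
        ports = [p for _, p in hits]
        out[key] = {
            "alerts": len(hits),
            "distinct_rules": len({r for r, _ in hits}),
            "ports_increasing": all(a < b for a, b in zip(ports, ports[1:])),
            "all_unprivileged": all(p >= 1024 for p in ports),
        }
    return out

if __name__ == "__main__":
    print(summarize(parse_alerts(ALERTS)))
```

Many unrelated rule names from one source port, with destination ports that only climb, is the shape expected when rules key on the destination port alone and the local machine hands out client ports in sequence; confirming that needs the rule definitions and a packet capture.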