
Strange traffic from ISP dns server



Hi!

I'm running snort on my firewall and it keeps catching connections from one of my ISP's DNS servers. I'm quite sure this traffic is legit, but it has been bugging me for a while what it's there for. Since it's coming from port 53, I'm guessing that it has something to do with DNS. My ISP assigns a hostname (ex. h106n2fls32o852.telia.com) to my machine when I lease an IP address; could this just be that they are checking if my IP address matches the IP address assigned to the hostname in their records?

Jan 10 19:46:04 mars snort: ShockRave: 10.0.0.1:53 -> <my-ip>:1981
Jan 10 20:03:12 mars snort: Back Door: 10.0.0.1:53 -> <my-ip>:1999
Jan 10 20:03:13 mars snort: Trojan Cow: 10.0.0.1:53 -> <my-ip>:2001
Jan 10 20:03:23 mars snort: Ripper Pro: 10.0.0.1:53 -> <my-ip>:2023
Jan 10 20:16:24 mars snort: Bugs: 10.0.0.1:53 -> <my-ip>:2115
Jan 11 02:06:58 mars snort: Striker: 10.0.0.1:53 -> <my-ip>:2565
Jan 11 15:56:25 mars snort: Phineas Phucker: 10.0.0.1:53 -> <my-ip>:2801
Jan 11 18:04:35 mars snort: Rat backdoor: 10.0.0.1:53 -> <my-ip>:2989
Jan 11 18:09:27 mars snort: WinCrash: 10.0.0.1:53 -> <my-ip>:3024
Jan 12 19:33:17 mars snort: Deep Throat/Invasor: 10.0.0.1:53 -> <my-ip>:3150

Any ideas on what this traffic is all about would be appreciated...

// Peter
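
A way to triage alerts like the ones in the post, as an added example that is not the poster's code or part of Snort: it parses the ten syslog lines and groups them by source address and port. The function names and the two checks (every destination port unprivileged, destination ports rising in log order) are assumptions chosen for illustration; the result describes the pattern and does not by itself establish the cause of the traffic.

```python
import re
from collections import defaultdict

# The ten alert lines from the post above, unchanged (<my-ip> is the poster's redaction).
SAMPLE = """\
Jan 10 19:46:04 mars snort: ShockRave: 10.0.0.1:53 -> <my-ip>:1981
Jan 10 20:03:12 mars snort: Back Door: 10.0.0.1:53 -> <my-ip>:1999
Jan 10 20:03:13 mars snort: Trojan Cow: 10.0.0.1:53 -> <my-ip>:2001
Jan 10 20:03:23 mars snort: Ripper Pro: 10.0.0.1:53 -> <my-ip>:2023
Jan 10 20:16:24 mars snort: Bugs: 10.0.0.1:53 -> <my-ip>:2115
Jan 11 02:06:58 mars snort: Striker: 10.0.0.1:53 -> <my-ip>:2565
Jan 11 15:56:25 mars snort: Phineas Phucker: 10.0.0.1:53 -> <my-ip>:2801
Jan 11 18:04:35 mars snort: Rat backdoor: 10.0.0.1:53 -> <my-ip>:2989
Jan 11 18:09:27 mars snort: WinCrash: 10.0.0.1:53 -> <my-ip>:3024
Jan 12 19:33:17 mars snort: Deep Throat/Invasor: 10.0.0.1:53 -> <my-ip>:3150
"""

ALERT = re.compile(
    r"^\w{3}\s+\d+ [\d:]+ \S+ snort: (?P<sig>.+): "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>\S+):(?P<dport>\d+)$"
)

def parse_alerts(text):
    """Return one dict per syslog line that matches the alert layout above."""
    alerts = []
    for line in text.splitlines():
        m = ALERT.match(line.strip())
        if m:
            alerts.append({"sig": m["sig"], "src": m["src"], "dst": m["dst"],
                           "sport": int(m["sport"]), "dport": int(m["dport"])})
    return alerts

def summarize(alerts):
    """Group alerts by (source IP, source port), preserving log order."""
    groups = defaultdict(list)
    for a in alerts:
        groups[(a["src"], a["sport"])].append(a)
    out = {}
    for key, items in groups.items():
        ports = [a["dport"] for a in items]
        out[key] = {
            "alerts": len(items),
            "signatures": len({a["sig"] for a in items}),
            "dports": ports,
            "all_high": all(p >= 1024 for p in ports),  # none in the privileged range
            "rising": all(x < y for x, y in zip(ports, ports[1:])),  # climbs alert to alert
        }
    return out
```

Calling `summarize(parse_alerts(SAMPLE))` yields a single group for `10.0.0.1:53` in which every alert carries a different signature name and a different destination port.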


