Re: [OT] port 53
On Sun, 1 Jul 2012 23:26:58 +0800
lina <lina.lastname@gmail.com> wrote:
> Hi,
>
> (1) What shall I do if lots of foreign address connected to my port 53
> (details see the bottom),
>
Not worry about it. I get a lot of attempted connections to 53, which
are all completely bogus as no public DNS server has run on this IP
address for at least thirteen years that I know of, and my IP address is
certainly not listed anywhere as a nameserver for any of my domains.
Many connections come from China...
There have been a number of BIND vulnerabilities over the years, and
I'm sure MS has had a similar number, and there are a few weaknesses
involved theoretically with DNS. Control of a DNS server, even a
private one, is a rich prize for a cracker, so it's a heavily-attacked
service.
> (2) ssh: Could not resolve hostname at the same time.
I wouldn't see much connection there. It sounds as if something is
amiss with your DNS setup, as others have said. Your local DNS server,
whatever it is, should not be open to the Internet, and there really
should be no link with these external connection attempts.
>
> (3) Seems it's initiated by iceweasle.
>
Mine mostly are random, but some of them have some connection with
whatever my son does by way of Internet gaming. His computer is in my
DMZ.
If you're browsing commercial sites, you're probably accessing many
other sites without your knowledge. Just about every commercial webpage
now seems to include JavaScript to connect to all the social networks
known to Man, as well as various Google functions and ad trackers. I
run No-Script in FF/IW (there are many other script-control add-ins)
to try to minimise this rubbish, but most web designers today seem
incapable of displaying anything without using JavaScript.
--
Joe
Reply to: