|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Interesting DNS Traffic
Vern Paxson (vern
ee.lbl.gov)
Wed, 02 Jun 1999 01:00:42 PDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
- Next message: Will Kempf: "Anybody have a clue why..."
- Previous message: Ryan Russell: "Re: Interesting DNS Traffic"
> Unless I am being ignorant, doesnt this NOT comply with the RFC that
> have to deal with return port numbers on all ip packets?
That's a BSD convention, not an RFC requirement. There are other systems
that don't follow the convention ... Let's see ... from a look at yesterday's
traffic logs, about 0.67% of the connections (one in 150) had both source
and destination port < 1024 (and about 0.1% of those had both source and
destination port < 512 ... though all of those were attacks! (scans))
Vern
- Next message: Will Kempf: "Anybody have a clue why..."
- Previous message: Ryan Russell: "Re: Interesting DNS Traffic"
This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:18:59 CDT