Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Date: Wed Oct 10 2001 - 15:13:50 CDT
This appears to be normal behavior.
BIND uses UDP 53 for it's listening port, but the responses appear from an
incrementing high number UDP port.
For example, my DNS server is currently answering a query on UDP 45441, then
the next query is answered on port 45442.
TCP 53 is actually used for Zone transfers, whereas regular nslookup type
queries happen on UDP 53.
This is normal when the name daemon forks, it needs it's own unique port.
"Jas Amidzic" <jasmin.amidzicabs.gov.au> on 10/09/2001 04:22:54 PM
Sent by: "Jas Amidzic" <jasmin.amidzicabs.gov.au>
cc: (Abel Lopez/HQ/3Com)
Subject: BIND and 32774 or 32775 UDP ports
BIND 9.1.3 besides listening to TCP port 53 also appear to be listening on UDP
ports 32774 and 32775. Quick nmap scan reviled this ports identifying them as
'sometimes-rpc12' and 'sometimes-rpc14'. However this ports apart to be
associated with BIND, once BIND is stooped 'netstat' does not list those ports
as being in the listening state. Pleas not that all RPC services on the box are
I am not sure why this ports are being put in listening state by BIND. Any
ABS Australian Business Number: 26 331 428 522 ABS Web Site: