Port Details - Port 53


Port Information

Protocol  Service  Name
tcp       domain   Domain Name Server
udp       domain   Domain Name Server
tcp       ADMworm  [trojan] ADM worm
tcp       Lion     [trojan] Lion

User Comment

Submitted By, Date
Comment

Clarke Morledge, 2005-10-14 00:44:13
If an America Online Instant Messenger (AIM) client attempts to connect to port 5190 to reach a server and cannot, it will go ahead and try to reach an AIM server on TCP port 53. Sometimes 5190/tcp is blocked by firewalls so the attempt to communicate on port 53, which is normally open for DNS, works to get around the firewall restriction (IMHO, this defeats the whole purpose of trying to associate an application protocol to a particular transport layer port).

2004-06-15 02:01:42
What does this mean? User Comment - Port 53 back to port details Speedera's latency checking service is known to send port 53 UDP packets. See: http://archives.neohapsis.com/archives/snort/2002-07/0626.html ----- Submitted by: Tom Liston. Last update: Feb 10th 2004

Tom Liston, 2004-02-10 21:24:25
Speedera's latency checking service is known to send port 53 UDP packets. See: http://archives.neohapsis.com/archives/snort/2002-07/0626.html

Marcus H. Sachs, SANS Institute, 2003-10-10 00:35:36
SANS Top-20 Entry: U1 BIND Domain Name System http://isc.sans.org/top20.html#u1 The Berkeley Internet Name Domain (BIND) package is the most widely used implementation of the Domain Name Service (DNS), a critical system that allows the conversion of hostnames (e.g. www.sans.org) into the registered IP address. The ubiquity and critical nature of BIND has made it a frequent target, especially in Denial of Service (DoS) attacks, which can result in a complete loss of accessibility to the Internet for services and hosts. Whilst BIND developers have historically been quick to repair vulnerabilities, an inordinate number of outdated, misconfigured and/or vulnerable servers remain in place.

Johannes Ullrich, 2002-10-11 16:40:56
Port 53 is used by DNS (Domain Name System). DNS takes care of resolving human-readable 'host names' into numeric IP addresses. A commonly used DNS server called BIND has had a rich history of security problems. As a result, BIND and port 53 are frequent targets and a couple of worms used BIND exploits to propagate.

CVE Links

CVE #          Description
CVE-1999-0009  "Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases."
CVE-1999-0532  "A DNS server allows zone transfers."
CVE-1999-0833  "Buffer overflow in BIND 8.2 via NXT records."
CVE-2001-0010  "Buffer overflow in transaction signature (TSIG) handling code in BIND 8 allows remote attackers to gain root privileges."