Port 53 Information
Share on:
Dec 16, 2020
portinfopage
Information about Port 53
- This is a collection of basic information about port 53 gathered from various sources, including TCP and UDP services as well as the number of source and target IPs attacked on these ports. This information is up to date as of 2020-12-16.
Description
- Domain Name Server
tcp
- ADMworm
- Lion
- domain
udp
- domain
trojans
- ADM
- trojantd
sources
- 1018
targets
- 346
etopensource
- ET_DNS_Excessive_DNS_Responses_with_1or_more_RR’s(100+in_10_seconds)-_possible_Cache_Poisoning_Attempt
- ET_DNS_Excessive_DNS_Responses_with_1or_more_RR’s(100+_in_10_seconds)_to_google.com.br_possible_Cache_Poisoning_Attempt
- ET_DNS_Excessive_NXDOMAIN_responses_-_Possible_DNS_Backscatter_or_Domain_Generation_Algorithm_Lookups
- ET_DNS_Query_Responses_with_3RR’s_set(50+in_2_seconds)-_possible_A_RR_Cache_Poisoning_Attempt
- ET_DNS_Query_Responses_with_3RR’s_set(50+in_2_seconds)-_possible_NS_RR_Cache_Poisoning_Attempt
- ET_DNS_Reply_Sinkhole_-_106.187.96.49_blacklistthisdomain.com
- ET_DNS_Reply_Sinkhole_-_1and1_Internet_AG
- ET_DNS_Reply_Sinkhole_-_Dr._Web
- ET_DNS_Reply_Sinkhole_-Georgia_Tech(1)
- ET_DNS_Reply_Sinkhole_-Georgia_Tech(2)
- ET_DNS_Reply_Sinkhole_-_German_Company
- ET_DNS_Reply_Sinkhole_-_Zinkhole.org
- ET_DNS_Reply_Sinkhole_-_sinkhole.cert.pl_148.81.111.111
- ET_DNS_Reply_Sinkhole_FBI_Zeus_P2P_1_-_142.0.36.234
- ET_DNS_Standard_query_response,_Format_error
- ET_DNS_Standard_query_response,_Name_Error
- ET_DNS_Standard_query_response,_Not_Implemented
- ET_DNS_Standard_query_response,_Refused
- ET_DOS_DNS_Amplification_Attack_Outbound
- ET_DOS_DNS_Amplification_Attack_Possible_Inbound_Windows_Non-Recursive_Root_Hint_Reserved_Port
- ET_DOS_DNS_Amplification_Attack_Possible_Outbound_Windows_Non-Recursive_Root_Hint_Reserved_Port
- ET_EXPLOIT_Possible_2015-7547_Malformed_Server_response
- ET_EXPLOIT_Possible_2015-7547_PoC_Server_Response
- ET_EXPLOIT_Possible_CVE-2014-6271_exploit_attempt_via_malicious_DNS
- ET_EXPLOIT_Possible_CVE-2014-6271_malicious_DNS_response
- ET_EXPLOIT_Possible_CVE-2015-7547_Large_Response_to_A/AAAA_query
- ET_EXPLOIT_Possible_CVE-2015-7547_Long_Response_to_AAAA_lookup
- ET_EXPLOIT_Possible_CVE-2015-7547_Long_Response_to_A_lookup
- ET_EXPLOIT_Possible_CVE-2015-7547_Malformed_Server_Response_A/AAAA
- ET_EXPLOIT_Possible_Windows_DNS_Integer_Overflow_Attempt_M1_(CVE-2020-1350)
- ET_INFO_Possible_NOP_Sled_Observed_in_Large_DNS_over_TCP_Packet_M2
- ET_INFO_Suspicious_HTTP_GET_Request_on_Port_53_Inbound
- ET_INFO_Suspicious_HTTP_POST_Request_on_Port_53_Inbound
- ET_MALWARE_CobaltStrike_DNS_Beacon_Response
- ET_MALWARE_DNSMessenger_Payload_(TXT_base64_gzip_header)
- ET_MALWARE_DNS_Reply_Sinkhole_-Anubis/BitSight-_35.205.61.67
- ET_MALWARE_DNS_Reply_Sinkhole_-Anubis-_195.22.26.192/26
- ET_MALWARE_DNS_Reply_Sinkhole_-IP-_161.69.13.44
- ET_MALWARE_DNS_Reply_Sinkhole_-Microsoft-_131.253.18.11-12
- ET_MALWARE_DNS_Reply_Sinkhole_-Microsoft-_199.2.137.0/24
- ET_MALWARE_DNS_Reply_Sinkhole_-Microsoft-_207.46.90.0/24
- ET_MALWARE_DNS_Reply_Sinkhole_Microsoft_NO-IP_Domain
- ET_MALWARE_DNS_Reply_for_unallocated_address_space_-_Potentially_Malicious_1.1.1.0/24
- ET_MALWARE_Kaspersky_Sinkhole_DNS_Reply
- ET_MALWARE_Possible_Dyre_DGA_NXDOMAIN_Responses_(.cc)
- ET_MALWARE_Possible_Dyre_DGA_NXDOMAIN_Responses_(.cn)
- ET_MALWARE_Possible_Dyre_DGA_NXDOMAIN_Responses_(.hk)
- ET_MALWARE_Possible_Dyre_DGA_NXDOMAIN_Responses_(.in)
- ET_MALWARE_Possible_Dyre_DGA_NXDOMAIN_Responses_(.so)
- ET_MALWARE_Possible_Dyre_DGA_NXDOMAIN_Responses_(.tk)
- ET_MALWARE_Possible_Dyre_DGA_NXDOMAIN_Responses_(.to)
- ET_MALWARE_Possible_Dyre_DGA_NXDOMAIN_Responses_(.ws)
- ET_MALWARE_Possible_Emotet_DGA_NXDOMAIN_Responses
- ET_MALWARE_Possible_Kelihos_.eu_CnC_Domain_Generation_Algorithm_(DGA)_Lookup_NXDOMAIN_Response
- ET_MALWARE_Possible_Tinba_DGA_NXDOMAIN_Responses
- ET_MALWARE_Possible_Tinba_DGA_NXDOMAIN_Responses_(2)
- ET_MALWARE_Possible_Zeus_P2P_Variant_DGA_NXDOMAIN_Responses_July_11_2014
- ET_MALWARE_Vobus/Beebone_Sinkhole_DNS_Reply
- ET_MALWARE_Wapack_Labs_Sinkhole_DNS_Reply
- ET_MALWARE_Win32.Hyteod.acox_Domain_Generation_Algorithm_(DGA)_Lookup_NXDOMAIN_Response
- ET_MALWARE_Win32.Zbot.chas/Unruy.H_Covert_DNS_CnC_Channel_TXT_Response
- ET_MALWARE_Zeus_GameOver_Possible_DGA_NXDOMAIN_Responses
- ET_POLICY_Unusual_number_of_DNS_No_Such_Name_Responses
- GPL_DNS_SPOOF_query_response_PTR_with_TTL_of_1_min._and_no_authority
- GPL_DNS_SPOOF_query_response_with_TTL_of_1_min._and_no_authority
- GPL_MISC_source_port_53to<1024
CVEs Associated with Port 53
CVE-2003-1491 CVE-2007-1465 CVE-2007-1866 CVE-2011-1002 CVE-2017-17537 CVE-2018-19528 CVE-1999-0275 CVE-1999-0438 CVE-2001-1259 CVE-2009-1152