Port 53 Information

Information about Port 53

  • This is a collection of basic information about port 53 gathered from various sources, including the TCP and UDP services that use it and the number of source and target IPs seen in attacks on this port. This information is up to date as of 2020-12-16.

Description

  • Domain Name Server

tcp

  • ADMworm
  • Lion
  • domain

udp

  • domain

trojans

  • ADM
  • trojantd

sources

  • 1018

targets

  • 346

etopensource

  • ET_DNS_Excessive_DNS_Responses_with_1or_more_RR’s(100+in_10_seconds)-_possible_Cache_Poisoning_Attempt
  • ET_DNS_Excessive_DNS_Responses_with_1or_more_RR’s(100+_in_10_seconds)_to_google.com.br_possible_Cache_Poisoning_Attempt
  • ET_DNS_Excessive_NXDOMAIN_responses_-_Possible_DNS_Backscatter_or_Domain_Generation_Algorithm_Lookups
  • ET_DNS_Query_Responses_with_3RR’s_set(50+in_2_seconds)-_possible_A_RR_Cache_Poisoning_Attempt
  • ET_DNS_Query_Responses_with_3RR’s_set(50+in_2_seconds)-_possible_NS_RR_Cache_Poisoning_Attempt
  • ET_DNS_Reply_Sinkhole_-_106.187.96.49_blacklistthisdomain.com
  • ET_DNS_Reply_Sinkhole_-_1and1_Internet_AG
  • ET_DNS_Reply_Sinkhole_-_Dr._Web
  • ET_DNS_Reply_Sinkhole_-Georgia_Tech(1)
  • ET_DNS_Reply_Sinkhole_-Georgia_Tech(2)
  • ET_DNS_Reply_Sinkhole_-_German_Company
  • ET_DNS_Reply_Sinkhole_-_Zinkhole.org
  • ET_DNS_Reply_Sinkhole_-_sinkhole.cert.pl_148.81.111.111
  • ET_DNS_Reply_Sinkhole_FBI_Zeus_P2P_1_-_142.0.36.234
  • ET_DNS_Standard_query_response,_Format_error
  • ET_DNS_Standard_query_response,_Name_Error
  • ET_DNS_Standard_query_response,_Not_Implemented
  • ET_DNS_Standard_query_response,_Refused
  • ET_DOS_DNS_Amplification_Attack_Outbound
  • ET_DOS_DNS_Amplification_Attack_Possible_Inbound_Windows_Non-Recursive_Root_Hint_Reserved_Port
  • ET_DOS_DNS_Amplification_Attack_Possible_Outbound_Windows_Non-Recursive_Root_Hint_Reserved_Port
  • ET_EXPLOIT_Possible_2015-7547_Malformed_Server_response
  • ET_EXPLOIT_Possible_2015-7547_PoC_Server_Response
  • ET_EXPLOIT_Possible_CVE-2014-6271_exploit_attempt_via_malicious_DNS
  • ET_EXPLOIT_Possible_CVE-2014-6271_malicious_DNS_response
  • ET_EXPLOIT_Possible_CVE-2015-7547_Large_Response_to_A/AAAA_query
  • ET_EXPLOIT_Possible_CVE-2015-7547_Long_Response_to_AAAA_lookup
  • ET_EXPLOIT_Possible_CVE-2015-7547_Long_Response_to_A_lookup
  • ET_EXPLOIT_Possible_CVE-2015-7547_Malformed_Server_Response_A/AAAA
  • ET_EXPLOIT_Possible_Windows_DNS_Integer_Overflow_Attempt_M1_(CVE-2020-1350)
  • ET_INFO_Possible_NOP_Sled_Observed_in_Large_DNS_over_TCP_Packet_M2
  • ET_INFO_Suspicious_HTTP_GET_Request_on_Port_53_Inbound
  • ET_INFO_Suspicious_HTTP_POST_Request_on_Port_53_Inbound
  • ET_MALWARE_CobaltStrike_DNS_Beacon_Response
  • ET_MALWARE_DNSMessenger_Payload_(TXT_base64_gzip_header)
  • ET_MALWARE_DNS_Reply_Sinkhole_-Anubis/BitSight-_35.205.61.67
  • ET_MALWARE_DNS_Reply_Sinkhole_-Anubis-_195.22.26.192/26
  • ET_MALWARE_DNS_Reply_Sinkhole_-IP-_161.69.13.44
  • ET_MALWARE_DNS_Reply_Sinkhole_-Microsoft-_131.253.18.11-12
  • ET_MALWARE_DNS_Reply_Sinkhole_-Microsoft-_199.2.137.0/24
  • ET_MALWARE_DNS_Reply_Sinkhole_-Microsoft-_207.46.90.0/24
  • ET_MALWARE_DNS_Reply_Sinkhole_Microsoft_NO-IP_Domain
  • ET_MALWARE_DNS_Reply_for_unallocated_address_space_-_Potentially_Malicious_1.1.1.0/24
  • ET_MALWARE_Kaspersky_Sinkhole_DNS_Reply
  • ET_MALWARE_Possible_Dyre_DGA_NXDOMAIN_Responses_(.cc)
  • ET_MALWARE_Possible_Dyre_DGA_NXDOMAIN_Responses_(.cn)
  • ET_MALWARE_Possible_Dyre_DGA_NXDOMAIN_Responses_(.hk)
  • ET_MALWARE_Possible_Dyre_DGA_NXDOMAIN_Responses_(.in)
  • ET_MALWARE_Possible_Dyre_DGA_NXDOMAIN_Responses_(.so)
  • ET_MALWARE_Possible_Dyre_DGA_NXDOMAIN_Responses_(.tk)
  • ET_MALWARE_Possible_Dyre_DGA_NXDOMAIN_Responses_(.to)
  • ET_MALWARE_Possible_Dyre_DGA_NXDOMAIN_Responses_(.ws)
  • ET_MALWARE_Possible_Emotet_DGA_NXDOMAIN_Responses
  • ET_MALWARE_Possible_Kelihos_.eu_CnC_Domain_Generation_Algorithm_(DGA)_Lookup_NXDOMAIN_Response
  • ET_MALWARE_Possible_Tinba_DGA_NXDOMAIN_Responses
  • ET_MALWARE_Possible_Tinba_DGA_NXDOMAIN_Responses_(2)
  • ET_MALWARE_Possible_Zeus_P2P_Variant_DGA_NXDOMAIN_Responses_July_11_2014
  • ET_MALWARE_Vobus/Beebone_Sinkhole_DNS_Reply
  • ET_MALWARE_Wapack_Labs_Sinkhole_DNS_Reply
  • ET_MALWARE_Win32.Hyteod.acox_Domain_Generation_Algorithm_(DGA)_Lookup_NXDOMAIN_Response
  • ET_MALWARE_Win32.Zbot.chas/Unruy.H_Covert_DNS_CnC_Channel_TXT_Response
  • ET_MALWARE_Zeus_GameOver_Possible_DGA_NXDOMAIN_Responses
  • ET_POLICY_Unusual_number_of_DNS_No_Such_Name_Responses
  • GPL_DNS_SPOOF_query_response_PTR_with_TTL_of_1_min._and_no_authority
  • GPL_DNS_SPOOF_query_response_with_TTL_of_1_min._and_no_authority
  • GPL_MISC_source_port_53to<1024

CVEs Associated with Port 53

  • CVE-2003-1491
  • CVE-2007-1465
  • CVE-2007-1866
  • CVE-2011-1002
  • CVE-2017-17537
  • CVE-2018-19528
  • CVE-1999-0275
  • CVE-1999-0438
  • CVE-2001-1259
  • CVE-2009-1152