Port Details - Port 53

Aug 03 14,657 Aug 04 14,966 Aug 05 14,640 Aug 06 13,558 Aug 07 10,438 Aug 08 10,731 Aug 09 12,975 Aug 10 13,024 Aug 11 12,458 Aug 12 12,972 Aug 13 12,149 Aug 14 10,398 Aug 15 9,516 Aug 16 10,653 Aug 17 11,973 Aug 18 11,638 Aug 19 12,488 Aug 20 12,738 Aug 21 11,190 Aug 22 9,774 Aug 23 11,164 Aug 24 11,938 Aug 25 11,383 Aug 26 9,032 Aug 27 7,670 Aug 28 6,876 Aug 29 5,982 Aug 30 6,839 Aug 31 7,602 Sep 01 9,609 Sep 02 5,372 Aug 03 15,996 Aug 04 877 Aug 05 1,024 Aug 06 1,084 Aug 07 2,368 Aug 08 17,990 Aug 09 4,148 Aug 10 3,086 Aug 11 15,518 Aug 12 1,810 Aug 13 895 Aug 14 997 Aug 15 2,168 Aug 16 992 Aug 17 2,295 Aug 18 1,106 Aug 19 5,175 Aug 20 3,481 Aug 21 1,023 Aug 22 965 Aug 23 3,663 Aug 24 875 Aug 25 32,465 Aug 26 5,614 Aug 27 845 Aug 28 3,476 Aug 29 958 Aug 30 770 Aug 31 2,008 Sep 01 766 Sep 02 514
[show ascii data]
  • Start Date:
  • End Date:
  • Port:
  • Left Graph:
  • Right Graph:
  • Show Range:Yes No

Port Information

ProtocolServiceName
tcpdomainDomain Name Server
udpdomainDomain Name Server
tcpADMworm[trojan] ADM worm
tcpLion[trojan] Lion
[get complete service list]

User Comment

Submitted ByDate
Comment
Alexander Dupuy2009-12-10 18:41:48
Dell RACADM remote access controller command line interface uses TCP port 5869 to contact some (older) DRAC 3 & 4 management cards. See pages 30 & 32 of http://support.dell.com/support/edocs/software/smsom/6.0.1/en/ug/pdf/ug.pdf
Clarke Morledge2005-10-14 00:44:13
If an America Online's Instant Messenger (AIM) client attempts to connect to port 5190 to reach a server and can not, it will go ahead and try to reach an AIM server on TCP port 53. Sometimes 5190/tcp is blocked by firewalls so the attempt to communicate on port 53, which is normally open for DNS, works to get around the firewall restriction (IMHO, this defeats the whole purpose of trying to associate an application protocol to a particular transport layer port).
2004-06-15 02:01:42
What does this mean ? User Comment - Port 53 back to port details Speedera's latency checking service is known to send port 53 UDP packets. See: http://archives.neohapsis.com/archives/snort/2002-07/0626.html ----- Submitted by: Tom Liston. Last update: Feb 10th 2004
Tom Liston2004-02-10 21:24:25
Speedera's latency checking service is known to send port 53 UDP packets. See: http://archives.neohapsis.com/archives/snort/2002-07/0626.html
Marcus H. Sachs, SANS Institute2003-10-10 00:35:36
SANS Top-20 Entry: U1 BIND Domain Name System http://isc.sans.org/top20.html#u1 The Berkeley Internet Name Domain (BIND) package is the most widely used implementation of the Domain Name Service (DNS), a critical system that allows the conversion of hostnames (e.g. www.sans.org) into the registered IP address. The ubiquity and critical nature of BIND has made it a frequent target, especially in Denial of Service (DoS) attacks, which can result in a complete loss of accessibility to the Internet for services and hosts. Whilst BIND developers have historically been quick to repair vulnerabilities, an inordinate number of outdated, misconfigured and/or vulnerable servers remain in place.
Johannes Ullrich2002-10-11 16:40:56
Port 53 is used by DNS (Domain Name System). DNS takes care of recolving human readable 'host names' into numeric IP addresses. A commonly used DNS server called BIND has had a rich history of security problems. As a result, BIND and port 53 are frequent targets and a couple worms used BIND exploits to propagate.
Add a comment

CVE Links

CVE #Description
CVE-1999-9 "Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases."
CVE-1999-532 "A DNS server allows zone transfers."
CVE-1999-532 "A DNS server allows zone transfers."
CVE-1999-833 "Buffer overflow in BIND 8.2 via NXT records."
CVE-2001-10 "Buffer overflow in transaction signature (TSIG) handling code in BIND 8 allows remote attackers to gain root privileges."
CVE-2001-10 "Buffer overflow in transaction signature (TSIG) handling code in BIND 8 allows remote attackers to gain root privileges."