I spent a huge part of my day yesterday trying to find an answer.
But I've absolutely no idea what's causing it.
It seems to have started on Friday night.
I'm a bit confused as to it being on port 53, and concerned that it might be DNS related.
Or would you suggest that I'm under a SYN flood attack?
Today I ran
netstat -nta | egrep "State|53"
and can see a number of entries on my port 53
Code:
tcp 0 0 xxx.xxx.xxx.xx:53 yyy.yy.240.5:56332 SYN_RECV
tcp 0 0 xxx.xxx.xxx.xx:53 yyy.yy.240.32:49003 SYN_RECV
tcp 0 0 xxx.xxx.xxx.xx:53 yyy.yy.240.233:64038 SYN_RECV
tcp 0 0 xxx.xxx.xxx.xx:53 yyy.yy.240.1:40350 SYN_RECV
tcp 0 0 xxx.xxx.xxx.xx:53 yyy.yy.240.242:38055 SYN_RECV
tcp 0 0 xxx.xxx.xxx.xx:53 yyy.yy.240.129:63249 SYN_RECV
tcp 0 0 xxx.xxx.xxx.xx:53 yyy.yy.240.208:53976 SYN_RECV
tcp 0 0 xxx.xxx.xxx.xx:53 yyy.yy.240.135:46353 SYN_RECV
tcp 0 0 xxx.xxx.xxx.xx:53 yyy.yy.240.59:59682 SYN_RECV
tcp 0 0 xxx.xxx.xxx.xx:53 yyy.yy.240.120:47536 SYN_RECV
tcp 0 0 xxx.xxx.xxx.xx:53 yyy.yy.240.90:34748 SYN_RECV
tcp 0 0 xxx.xxx.xxx.xx:53 yyy.yy.240.161:55723 SYN_RECV
tcp 0 0 xxx.xxx.xxx.xx:53 yyy.yy.240.120:59579 SYN_RECV
tcp 0 0 xxx.xxx.xxx.xx:53 yyy.yy.240.165:52384 SYN_RECV
tcp 0 0 xxx.xxx.xxx.xx:53 yyy.yy.240.93:55971 SYN_RECV
Could these be related?
Could anyone give any pointers to help me try and determine the root?
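
A triage helper for output like the above, added here as an example and not part of the original post: `egrep "State|53"` also matches any line where 53 appears inside a remote port or an address, so this filters on the exact local port and groups half-open connections by source /24. The function names and the sample addresses (RFC 5737 documentation ranges) are constructed for illustration.

```shell
#!/bin/sh
# Summarise half-open (SYN_RECV) TCP connections from `netstat -nta` output on stdin.
# Prints "<count> <source /24>" for entries whose LOCAL port is exactly $1 (default 53),
# sorted with the busiest source network first.
syn_recv_by_subnet() {
    port="${1:-53}"
    awk -v port="$port" '
        $1 ~ /^tcp/ && $6 == "SYN_RECV" {
            n = split($4, l, ":")               # local address; last ":" field is the port
            if (l[n] != port) next              # exact port match, not a substring match
            src = $5
            sub(/:[0-9]+$/, "", src)            # drop the remote (ephemeral) port
            m = split(src, o, ".")
            if (m == 4) src = o[1] "." o[2] "." o[3] ".0/24"   # collapse IPv4 to its /24
            count[src]++
        }
        END { for (s in count) print count[s], s }
    ' | sort -rn
}

# Constructed sample input (not taken from the post).
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:53           198.51.100.5:56332      SYN_RECV
tcp        0      0 192.0.2.10:53           198.51.100.32:49003     SYN_RECV
tcp        0      0 192.0.2.10:53           198.51.100.233:64038    SYN_RECV
tcp        0      0 192.0.2.10:53           203.0.113.7:40350       SYN_RECV
tcp        0      0 192.0.2.10:22           203.0.113.9:53976       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.9:5353        SYN_RECV
EOF
}

# On a live host: netstat -nta | syn_recv_by_subnet 53
sample_netstat | syn_recv_by_subnet 53
```

Running it at intervals shows whether the half-open entries keep being replaced from the same source network, which is what the listing in the post cannot show on its own.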