Port53.To.LessThan1024
Description
It indicates a connection attempt to a privileged port using the source port 53.
Traffic from port 53 is usually a Domain Name Service (DNS) traffic, which should connect to a client on a port number equal to or greater than 1024. Connections to ports less 1024 may indicate several possible exploits.
Affected Products
Any unprotected system connected to the Internet is vulnerable to the attack.
Impact
Attackers can take advantage of the vulnerability to bypass a poorly configured firewall.
Recommended Actions
Disable the connections from port 53 to ports below 1024.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |