James -

I might be able to shed a little light.

TCP 53: you would want to reject zone transfers from unauthorized hosts. 
This is one of the single most "doh's!!" when setting DNS security. A would-be 
attacker wouldn't even have to scan a class C to get the recon info he 
needs to launch assaults. It would be all mapped out for him/her in a nice 
neat zone file.



Port 67 is for BOOTP; it may be required to get online with some providers 
(users with cable modems or DSL connections).

The port search I used is on our website for those interested: 
http://www.ndrs.com. We are in the process of updating our Trojan horse port 
DB at this time, so there is partial info in it at this time.

hope this helps

regards

Bill Lavalette
Network Security Administrator
Network Disaster Recovery Systems
Dallas Texas NOC
http://www.ndrs.com
[EMAIL PROTECTED]
PH 817.652.3882
FAX 817.652.3882


-----Original Message-----
From:   James Proffer [SMTP:[EMAIL PROTECTED]]
Sent:   Tuesday, April 04, 2000 8:47 PM
To:     rj
Cc:     [EMAIL PROTECTED]
Subject:        Re: ZoneAlarm

A rejected packet tells the sender there is an actual machine at the IP
address.  A dropped packet gives no feedback at all.  The target machine
behaves as if it were powered off or disconnected from the network.

What I do not understand (maybe someone on this list can explain) is why
TCP ports 53 and 67 are rejected.  UDP port 53 (DNS) I can understand but
TCP port 53 traffic is AFAIK only used for zone transfers.  For port 67 I
am totally puzzled.


On Tue, 4 Apr 2000, rj wrote:

> What is/are the significant difference/s between dropping and rejecting
> TCP packets? Does the fact that the firewall rejected rather than dropped
> the packets portend something "evil" could happen?
>
> Thanks!


--
Missouri State Government Web       <*> James Proffer
http://www.state.mo.us/              |  mailto:[EMAIL PROTECTED]
http://www.state.mo.us/mo/search.htm |  http://www.state.mo.us/server.shtml
mailto:[EMAIL PROTECTED]    |  (573) 751-1544  Fax: (573) 751-3299

-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
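
An added example, not part of the original messages: a small Python audit of a BIND-style named.conf that flags zones whose transfers are not limited to named hosts, the misconfiguration Bill describes above. The sample configuration, the function names and the simplified parsing are assumptions made for illustration, and a missing allow-transfer is treated as unrestricted.

```python
import re
# Constructed sample in BIND named.conf syntax (not from the thread).
SAMPLE_CONF = '''
options { directory "/var/named"; };
zone "example.com" { type master; file "example.com.zone";
    allow-transfer { 192.0.2.53; }; };   // the one secondary
zone "internal.example" { type master; file "internal.zone"; };
zone "open.example" { type master; file "open.zone";
    allow-transfer { any; }; };
zone "." { type hint; file "root.hints"; };
'''

def blocks(conf, keyword):
    """Yield (name, body) for each `keyword ["name"] { ... }` block."""
    pat = re.compile(r'^\s*' + keyword + r'\b\s*(?:"([^"]+)")?[^{;]*\{', re.M)
    for m in pat.finditer(conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:   # walk to the matching close brace
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def transfer_acl(body):
    """Return the allow-transfer elements of a block, or None if not set."""
    m = re.search(r'\ballow-transfer\b[^{;]*\{([^}]*)\}', body)
    return m and [e.strip() for e in m.group(1).split(';') if e.strip()]

def audit(conf):
    """Map each authoritative zone to 'restricted' or the reason it is open."""
    conf = re.sub(r'/\*.*?\*/|(?:#|//)[^\n]*', '', conf, flags=re.S)
    default = None
    for _, body in blocks(conf, 'options'):
        default = transfer_acl(body)     # server-wide setting, if any
    findings = {}
    for name, body in blocks(conf, 'zone'):
        if not re.search(r'\btype\s+(master|primary|slave|secondary)\s*;', body):
            continue                     # hint/forward zones serve no transfers
        acl = transfer_acl(body)
        acl = default if acl is None else acl
        if acl is None:                  # assumption: unset means unrestricted
            findings[name] = 'allow-transfer not set'
        elif 'any' in acl:
            findings[name] = 'allow-transfer includes any'
        else:
            findings[name] = 'restricted'
    return findings

if __name__ == '__main__':
    print(audit(SAMPLE_CONF))
```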