Dan,

What's the significance of denying traffic from a source
with port > 1k?

The numeric value of a port does not determine
the level of risk involved in passing this traffic.

It could be from some Quake server that is smart
enough to use a range of ports in an attempt to connect.

What do you do in the case of extended-size packets that use TCP?

What of secondaries and zone transfers?

There are exploits available via things like SSH
that make what port you block mostly a waste of time.

I've seen all-1's (255) nets requesting port 53 and waiting until some
ill-configured DNS server answered, then using that info for whatever.

I'd say yes, open 53 up to certain requesting address ranges.
piranha...

>From: Dan Horth <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: Blocking Port 53 for range 1:1023
>Date: Wed, 17 Jan 2001 16:26:03 +1100
>
>Hiya - I have our firewall set up to only allow traffic to port 53 on
>our DNS server when it originates from ports 1024 and higher, as per
>advice I read while originally setting up our firewall. I've been
>noticing reasonably frequent occurrences of packets coming in in the
>1:1023 range and being denied.
>
>Is there any reason why I shouldn't be just opening up all traffic
>destined to port 53 on our DNS server?
>
>Thanks in advance, Dan.
>--
>
>Telezygology / Nitro
>3D Visualisation, Graphics & Animation
>Ph (+61 2) 9810 5177    Fx (+61 2) 9810 0199    http://www.nitro.com.au/
>PGP Public Key: http://www.nitro.com.au/Dan_Horth.pgp.key
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]


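The two positions in this thread, Dan's "allow port 53 only from source ports 1024 and up" and piranha's "open 53 to particular requesting address ranges, and watch for the all-ones sources", can be compared concretely by running both as packet-filter policies over some sample traffic. The script below is an added example and is not code from either poster or from any firewall product. The server address (192.0.2.53), the trusted range (198.51.100.0/24, standing in for secondaries and known resolvers), the sample packets, and the reading of "all-1's nets" as a 255.255.255.255 source are all assumptions made here for illustration.

```python
"""Compare two inbound-DNS firewall policies on constructed sample packets.

Added example for this thread; the addresses, ranges and packets below are
assumptions, not data from the list posting.
"""
import ipaddress
from dataclasses import dataclass
from typing import Iterable


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str  # "udp" or "tcp"


# Assumed topology: the DNS server is 192.0.2.53 (TEST-NET-1) and the
# secondaries / trusted resolvers live in 198.51.100.0/24 (TEST-NET-2).
DNS_SERVER = ipaddress.ip_address("192.0.2.53")
TRUSTED_RANGES = [ipaddress.ip_network("198.51.100.0/24")]


def is_bogon_source(src: ipaddress.IPv4Address) -> bool:
    """Sources that can never be a legitimate DNS client: the all-ones
    broadcast address piranha describes, multicast, loopback, unspecified."""
    return (src == ipaddress.IPv4Address("255.255.255.255")
            or src.is_multicast or src.is_loopback or src.is_unspecified)


def policy_source_port(pkt: Packet) -> str:
    """Dan's current rule: dst 53 on the server only when sport >= 1024."""
    if ipaddress.ip_address(pkt.dst) != DNS_SERVER or pkt.dport != 53:
        return "deny"
    return "allow" if pkt.sport >= 1024 else "deny"


def policy_combined(pkt: Packet) -> str:
    """Keep the sport >= 1024 rule for the world at large, but exempt the
    trusted ranges from it (secondaries and resolvers that send from a low
    port get through on UDP or TCP), and drop bogon sources first."""
    src = ipaddress.ip_address(pkt.src)
    if is_bogon_source(src):
        return "deny"
    if ipaddress.ip_address(pkt.dst) != DNS_SERVER or pkt.dport != 53:
        return "deny"
    if any(src in net for net in TRUSTED_RANGES):
        return "allow"  # any source port, including TCP zone transfers
    return "allow" if pkt.sport >= 1024 else "deny"


# Constructed sample traffic (not captured data).
SAMPLE_PACKETS = [
    Packet("203.0.113.7", 33000, "192.0.2.53", 53, "udp"),     # ordinary resolver query
    Packet("198.51.100.2", 53, "192.0.2.53", 53, "tcp"),       # secondary pulling a zone, low sport
    Packet("198.51.100.9", 53, "192.0.2.53", 53, "udp"),       # resolver configured to query from 53
    Packet("203.0.113.9", 53, "192.0.2.53", 53, "udp"),        # unknown host, low source port
    Packet("255.255.255.255", 1024, "192.0.2.53", 53, "udp"),  # all-ones source piranha mentions
    Packet("203.0.113.7", 33001, "192.0.2.53", 25, "tcp"),     # not DNS at all
]


def compare(packets: Iterable[Packet]) -> list[tuple[Packet, str, str]]:
    """(packet, verdict under the source-port rule, verdict under the combined rule)."""
    return [(p, policy_source_port(p), policy_combined(p)) for p in packets]


def disagreements(packets: Iterable[Packet]) -> list[Packet]:
    """Packets the two policies treat differently: the cost of each choice."""
    return [p for p, a, b in compare(packets) if a != b]


if __name__ == "__main__":
    for p, a, b in compare(SAMPLE_PACKETS):
        print(f"{p.src}:{p.sport} -> :{p.dport}/{p.proto}"
              f"  source-port rule={a:5}  combined={b}")
```

Run as-is, the source-port rule denies the zone transfer and the port-53 resolver in the trusted range while letting the 255.255.255.255 source through on sport 1024, which is the pair of failure modes the thread is arguing about; the combined policy reverses both without opening port 53 to arbitrary low source ports from unknown hosts.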
