Ron DuFresne wrote:
Depends on the resolver. I just did some tests from Windows XP SP1 while running Ethereal. If you use the Windows nslookup, it does indeed use a different source port for each request. However, if you try it from the cmd prompt with ping, or from a browser (both of which I presume use the lookup calls from wsock32.dll), then it does not change source ports. In fact, it used the same source port to try both (fake) DNS hosts I configured. It used the same source port half a minute later when I tried again.

Perhaps I'm wrong and will be corrected, but nslookup and dig and the various other tools retry after a short timeout period, and do so on different ports than the one the first (timed-out) request was made from. If I'm reading this correctly, then the significance of a dropped packet in a request is minimal.
The overall point being that if you start blocking arbitrary ports, you break things in interesting ways.
BB
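The check BB did by eye in Ethereal, written out as an added example (not code from the post or the list): it reads a constructed capture of outbound DNS queries, and reports per client program whether the UDP source port varied or stayed fixed across queries. The capture format, the program names and the port/txid values are all constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample (not from the post), modelled on what a sniffer shows for
# outbound DNS queries: seconds, client program, UDP source port, txid, name.
SAMPLE_QUERIES = """\
0.000 nslookup 3421 0x1a2b fake1.example.test
0.010 nslookup 3422 0x7c3d fake2.example.test
0.020 ping 1043 0x0001 fake1.example.test
0.030 ping 1043 0x0002 fake2.example.test
30.050 ping 1043 0x0003 fake1.example.test
""".splitlines()

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\d+)\s+(0x[0-9a-fA-F]+)\s+(\S+)$")


def parse_queries(lines):
    """Yield (program, source_port, txid) for each well-formed capture line."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or unparseable lines instead of failing
        _ts, program, sport, txid, _qname = m.groups()
        yield program, int(sport), int(txid, 16)


def source_port_report(lines):
    """Per client program: queries seen, distinct source ports and txids used,
    and whether the source port was fixed across all of its queries.
    A fixed port leaves only the 16-bit txid for a forged reply to match."""
    count, ports, txids = defaultdict(int), defaultdict(set), defaultdict(set)
    for program, sport, txid in parse_queries(lines):
        count[program] += 1
        ports[program].add(sport)
        txids[program].add(txid)
    return {
        p: {
            "queries": count[p],
            "distinct_ports": len(ports[p]),
            "distinct_txids": len(txids[p]),
            "fixed_port": count[p] > 1 and len(ports[p]) == 1,
        }
        for p in count
    }
```

On the constructed sample this flags ping as reusing one source port (1043) for all three queries, including the one half a minute later, while nslookup used a fresh port per query.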
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
