> -----Original Message-----
> From: David Gillett [mailto:gillettdavid_at_fhda.edu]
>
> The *purpose* of the exception is NOT "to allow the machine to act
> as a DNS server". Its purpose is to allow the client to
> receive DNS results even when these are returned using TCP
> instead of UDP.
This is exactly what I'm saying too. Right from the beginning I belive ;-)
> The NMAP docs describe exploiting a FIREWALL configuration
> intended to allow machines to act as DNS and FTP CLIENTS.
And this is what I disagree with. To me, the phrase "allow DNS (53) or
FTP-DATA (20) packets to come through" implies a server service (ie.
requests are coming in to my DNS server on port 53).
Sorry for turning this into so many words :-(
---------------------------------------------------------------------------
Earn your MS in Information Security ONLINE
Organizations worldwide are in need of highly qualified information security
professionals. Norwich University is fulfilling this demand with its MS in
Information Security offered online. Recognized by the NSA as an
academically excellent program, NU offers you the opportunity to earn your
degree without disrupting your home or work life.
http://www.msia.norwich.edu/secfocus_en
----------------------------------------------------------------------------
Received on Apr 08 2005
Intro
