Home page logo

nanog logo nanog mailing list archives

Re: [Re: [Re: M$SQL cleanup incentives]]
From: "E.B. Dreger" <eddy+public+spam () noc everquick net>
Date: Sat, 22 Feb 2003 02:18:07 +0000 (GMT)

BB> Date: Fri, 21 Feb 2003 14:08:46 -0600 (CST)
BB> From: Bryan Bradsby

JS> it isn't legit for what i have in my network though :-)

BB> Really? So you're blocking udp/1434 both in and out?
BB> Got any DNS servers on your network? Any of your desktop
BB> clients use DNS?

s/DNS/UDP-based servers/

BB> Recent versions of un*x BIND will pick a random port above
BB> 1024 for udp conversations. It can and has picked 1434.

Standard socket(2) behavior.  BIND [hopefully] runs chown(2)ed,
so the source port number must be >= 1024.

BB> DNS clients will eventually timeout and fall back to another
BB> server, so any problems would be transient, but the packets
BB> were legit, right?

Stateful packet filters are nice.  Properly written, they protect
both inbound and outbound traffic and need to track very little

Brotsman & Dreger, Inc. - EverQuick Internet Division
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 (785) 865-5885 Lawrence and [inter]national
Phone: +1 (316) 794-8922 Wichita

Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist () brics com>
To: blacklist () brics com
Subject: Please ignore this portion of my mail signature.

These last few lines are a trap for address-harvesting spambots.
Do NOT send mail to <blacklist () brics com>, or you are likely to
be blocked.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]