Home page logo
/

nanog logo nanog mailing list archives

Re: [Re: [Re: M$SQL cleanup incentives]]
From: "E.B. Dreger" <eddy+public+spam () noc everquick net>
Date: Sat, 22 Feb 2003 02:18:07 +0000 (GMT)


BB> Date: Fri, 21 Feb 2003 14:08:46 -0600 (CST)
BB> From: Bryan Bradsby


JS> it isn't legit for what i have in my network though :-)

BB> Really? So you're blocking udp/1434 both in and out?
BB>
BB> Got any DNS servers on your network? Any of your desktop
BB> clients use DNS?

s/DNS/UDP-based servers/


BB> Recent versions of un*x BIND will pick a random port above
BB> 1024 for udp conversations. It can and has picked 1434.

Standard socket(2) behavior.  BIND [hopefully] runs chown(2)ed,
so the source port number must be >= 1024.


BB> DNS clients will eventually timeout and fall back to another
BB> server, so any problems would be transient, but the packets
BB> were legit, right?

Stateful packet filters are nice.  Properly written, they protect
both inbound and outbound traffic and need to track very little
state.


Eddy
--
Brotsman & Dreger, Inc. - EverQuick Internet Division
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 (785) 865-5885 Lawrence and [inter]national
Phone: +1 (316) 794-8922 Wichita

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist () brics com>
To: blacklist () brics com
Subject: Please ignore this portion of my mail signature.

These last few lines are a trap for address-harvesting spambots.
Do NOT send mail to <blacklist () brics com>, or you are likely to
be blocked.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]