Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Re: Strange ports
From: "Thor (Hammer of God)" <thor () hammerofgod com>
Date: Fri, 22 Jun 2007 14:50:12 -0700

If you use Exchange (well, specifically, if Exchange is doing the DNS lookup) then you do need TCP 53 as Exchange SMTP (or IIS SMTP) uses TCP by default for DNS queries. This is actually a good thing, as it is easier to build an outbound only TCP 53 rule that will only allow established connections returned as opposed to any UPD packet with the destination port set at 53 (what would be or look like return queries). If one is providing DNS server resources, then the published server should have appropriate DNS application level filtering (as ISA does) in order to ensure that actual DNS traffic is published, and not just anything that happens to use 53.

t




----- Original Message ----- From: <brian.marino () onenterprises com>
To: <pen-test () securityfocus com>
Sent: Friday, June 22, 2007 4:41 AM
Subject: Re: Re: Strange ports


I would agree that port 53 UDP needs to be open. Port 53 TCP does not unless you are doing large DNS zone transfers.

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]