Security Basics mailing list archives

RE: TCP DNS requests


From: "Meidling, Keith, CTR, OSD-C3I" <Keith.Meidling () osd mil>
Date: Thu, 31 Oct 2002 06:57:13 -0500

One program I know of that uses TCP requests for DNS requests is Microsoft's
SMTP server that's bundled with IIS. There's a KB article on MS's website
that states that the RFC for DNS servers should be able to accept UDP and
TCP requests. MS took this to an extreme and set their SMTP server to ONLY use
TCP for DNS.

http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q276347

Might want to check your suspect client to see if they have an SMTP server
set up.

my .02

-----Original Message-----
From: Carl R Diliberto [mailto:cdiliberto () hotmail com]
Sent: Wednesday, October 30, 2002 8:46 AM
To: security-basics
Subject: TCP DNS requests


We are reporting TCP based DNS requests to one of our DNS servers coming
from internal, client IP addresses.  My manager would like to block the TCP
packets.  What or why would there be random TCP packets?  We monitored
several clients and it appears it only needs UDP.

Thanks
Carl