Firewall Wizards mailing list archives
Re: Interesting DNS Traffic -Reply
From: "Ge' Weijers" <ge () progressive-systems com>
Date: Thu, 3 Jun 1999 11:15:11 -0400
On Wed, Jun 02, 1999 at 03:43:54PM +0100, Einar EINARSSON wrote:
I thought DNS lookup 'was supposed' to use a random source port above 1023. So why are some implementations using a source port below 1023 and some above 1023 ?
There's no requirement written anywhere that you have to use a port number > 1023 for temporary ports. It's a convention that originated on BSD Unix systems, where ports <= 1023 are reserved for privileged (root) processes. An IP implementation that does not use this convention is perfectly within its rights to do so.

Relying on this convention for your security is questionable anyway. You usually end up assuming that no internal machine runs any service on a high port. The users of trojan horses like BackOrifice will thank you :-(

In short: use passive FTP, and proxy DNS.

Ge'

-- 
Ge' Weijers                    Voice: (614)326 4600
Progressive Systems, Inc.      FAX:   (614)326 4601
2000 West Henderson Rd. Suite 400, Columbus OH 43220
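The point Ge' is making can be shown in a few lines: a stateless ACL of the kind many 1999 border routers carried ("permit udp any eq 53 host inside gt 1023") lets anything with source port 53 reach any high port inside, while a filter that remembers outbound queries only passes replies somebody actually asked for. The following is an added example written for this archive page, not code from the original thread or from any poster; the addresses, the ephemeral ports and the "trojan" port 31337 are all constructed for the illustration.

```python
"""Added example: stateless '>1023 is ephemeral' ACL vs. stateful DNS filtering.
All addresses, ports and the backdoor port below are constructed, not real."""
from dataclasses import dataclass
from typing import Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "udp"


def stateless_allow_inbound(pkt: Packet) -> bool:
    """The classic router ACL that leans on the BSD convention:
    permit udp from any host port 53 to inside ports above 1023.
    It never checks whether anyone inside sent a query."""
    return pkt.proto == "udp" and pkt.src_port == 53 and pkt.dst_port > 1023


class StatefulDnsFilter:
    """Admits a reply only when it matches a query that went out.
    With proxy_ip set, only that host may originate queries (Ge's 'proxy DNS'),
    so replies can only ever land on the proxy, never on arbitrary inside hosts."""

    def __init__(self, proxy_ip: Optional[str] = None):
        self.proxy_ip = proxy_ip
        self.pending: Set[Tuple[str, int, str]] = set()

    def outbound(self, pkt: Packet) -> bool:
        if pkt.proto != "udp" or pkt.dst_port != 53:
            return False
        if self.proxy_ip is not None and pkt.src_ip != self.proxy_ip:
            return False  # inside hosts must go through the proxy
        self.pending.add((pkt.src_ip, pkt.src_port, pkt.dst_ip))
        return True

    def inbound(self, pkt: Packet) -> bool:
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip)
        if pkt.proto == "udp" and pkt.src_port == 53 and key in self.pending:
            self.pending.discard(key)  # one reply per query; a replay is dropped
            return True
        return False


# Constructed scenario data (documentation/test ranges, not real hosts).
INSIDE_HOST = "10.0.0.5"
DNS_PROXY = "10.0.0.2"
DNS_SERVER = "192.0.2.53"
ATTACKER = "198.51.100.7"
TROJAN_PORT = 31337  # assumed high-port backdoor listener on the inside host


def scenario(resolver_port: int) -> dict:
    """Inside host queries DNS from resolver_port; attacker then probes a high port
    with a forged source port of 53. Returns what each filter decides."""
    query = Packet(INSIDE_HOST, resolver_port, DNS_SERVER, 53)
    reply = Packet(DNS_SERVER, 53, INSIDE_HOST, resolver_port)
    probe = Packet(ATTACKER, 53, INSIDE_HOST, TROJAN_PORT)
    sf = StatefulDnsFilter()
    sf.outbound(query)
    return {
        "stateless_reply": stateless_allow_inbound(reply),
        "stateless_probe": stateless_allow_inbound(probe),
        "stateful_reply": sf.inbound(reply),
        "stateful_probe": sf.inbound(probe),
        "stateful_replay": sf.inbound(reply),  # second copy of the same reply
    }


def proxy_scenario() -> dict:
    """Only the proxy may ask; only the proxy can be answered."""
    sf = StatefulDnsFilter(proxy_ip=DNS_PROXY)
    direct = sf.outbound(Packet(INSIDE_HOST, 1029, DNS_SERVER, 53))
    via_proxy = sf.outbound(Packet(DNS_PROXY, 40000, DNS_SERVER, 53))
    reply_to_proxy = sf.inbound(Packet(DNS_SERVER, 53, DNS_PROXY, 40000))
    return {"direct_query": direct, "proxy_query": via_proxy,
            "proxy_reply": reply_to_proxy}


if __name__ == "__main__":
    for port in (1029, 1023):  # a '>1023' resolver and one that breaks the convention
        print(f"resolver source port {port}: {scenario(port)}")
    print(f"proxy-only: {proxy_scenario()}")
```

Two things fall out of running it. The stateless rule passes the forged probe to port 31337 as happily as the genuine reply, which is the hole Ge' describes; and when the resolver happens to pick source port 1023, exactly the case Einar observed, the stateless rule now drops the legitimate reply while the stateful filter still matches it, because it keys on the query that was actually sent rather than on a port-number convention.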
Current thread:
- Re: Interesting DNS Traffic The Unicorn (Jun 01)
- <Possible follow-ups>
- Re: Interesting DNS Traffic Robert Graham (Jun 01)
- Re: Interesting DNS Traffic Joseph S D Yao (Jun 02)
- Re: Interesting DNS Traffic Andrew Fessler (Jun 01)
- Re: Interesting DNS Traffic Ryan Russell (Jun 02)
- Re: Interesting DNS Traffic David Gillett (Jun 03)
- Re: Interesting DNS Traffic Vern Paxson (Jun 02)
- Re: Interesting DNS Traffic -Reply Einar EINARSSON (Jun 02)
- Re: Interesting DNS Traffic -Reply Ge' Weijers (Jun 03)
- Re: Interesting DNS Traffic -Reply -Reply Einar EINARSSON (Jun 03)
- Re: Interesting DNS Traffic -Reply -Reply Ge' Weijers (Jun 04)
- Re: Interesting DNS Traffic -Reply John McDermott (Jun 03)
- Re: Interesting DNS Traffic -Reply Chris Calabrese (Jun 03)