Firewall Wizards mailing list archives

Re: Interesting DNS Traffic -Reply


From: "Ge' Weijers" <ge () progressive-systems com>
Date: Thu, 3 Jun 1999 11:15:11 -0400

On Wed, Jun 02, 1999 at 03:43:54PM +0100, Einar EINARSSON wrote:
> I thought DNS lookup 'was supposed' to use a random
> source port above 1023. So why are some implementations
> using a source port below 1023 and some above 1023?

There's no requirement written anywhere that you have to use port
number > 1023 for temporary ports. It's a convention that originated
on BSD Unix systems, where ports <= 1023 are reserved for privileged
(root) processes. An IP implementation that does not use this
convention is perfectly within its rights to do so.

Relying on this convention for your security is questionable anyway.
You usually end up assuming that no internal machine runs any service
on a high port. The users of trojan horses like BackOrifice will thank
you :-(

In short: use passive FTP, and proxy DNS.

Ge'

-- 
Ge' Weijers                                Voice: (614)326 4600
Progressive Systems, Inc.                    FAX: (614)326 4601
2000 West Henderson Rd. Suite 400, Columbus OH 43220
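As an added illustration, not part of Ge' Weijers' post, here is a small model of a stateless packet filter that compares a rule built on the "temporary ports are above 1023" convention with a rule for a site that proxies DNS through a single resolver. All addresses, ports and sample packets are constructed.

```python
from dataclasses import dataclass
from typing import Callable, List

@dataclass(frozen=True)
class Packet:
    name: str    # label for the constructed sample
    proto: str   # "udp" or "tcp"
    src: str
    sport: int
    dst: str
    dport: int

# Constructed addresses: 192.0.2.0/24 is the internal net, 192.0.2.53 the site's resolver.
RESOLVER_IP = "192.0.2.53"

def convention_rule(pkt: Packet) -> bool:
    """Stateless rule resting on the BSD convention: anything from source port 53
    may reach any internal host on an 'unprivileged' port > 1023."""
    return pkt.proto == "udp" and pkt.sport == 53 and pkt.dport > 1023

def proxy_dns_rule(pkt: Packet) -> bool:
    """Rule for a site that proxies DNS: replies may reach only the resolver host.
    Other internal hosts never talk to outside DNS servers directly."""
    return pkt.proto == "udp" and pkt.sport == 53 and pkt.dst == RESOLVER_IP

# Constructed sample traffic arriving from the outside.
SAMPLES = [
    Packet("reply-to-resolver", "udp", "198.51.100.5", 53, RESOLVER_IP, 2048),
    # A client stack that picks a temporary port below 1024, as Einar observed;
    # the convention rule drops this legitimate reply.
    Packet("reply-low-port-client", "udp", "198.51.100.5", 53, "192.0.2.10", 1000),
    # Any datagram from source port 53 to a high port looks like a DNS reply to the
    # convention rule, including one aimed at an unexpected service on a high port.
    Packet("to-high-port-service", "udp", "203.0.113.7", 53, "192.0.2.77", 5555),
]

def admitted(rule: Callable[[Packet], bool], packets=SAMPLES) -> List[str]:
    """Names of the sample packets the given rule lets through."""
    return [p.name for p in packets if rule(p)]

if __name__ == "__main__":
    for rule in (convention_rule, proxy_dns_rule):
        print(f"{rule.__name__}: {admitted(rule)}")
```

The convention rule both drops the legitimate low-port reply and admits the datagram to the high-port service; the proxy rule admits only traffic to the resolver host.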