Full Disclosure mailing list archives

RE: SQL Slammer - lessons learned


From: "Cushing, David" <David.Cushing () hitachisoftware com>
Date: Wed, 5 Feb 2003 14:45:48 -0500

> * pauls () utdallas edu (Paul Schmehl) [Wed 05 Feb 2003, 16:57 CET]:
>> No, you wouldn't, because DNS servers talk on port 53, and they wouldn't
>> negotiate port 1434 because it's reserved for SQL.
>
> Please learn how the Internet works.  BIND8 and up don't use 53 as
> source for outgoing queries anymore by default; you can override this in
> named.conf with .....

Perhaps everyone should start indicating whether they are talking
about source or destination ports.

Paul was talking about the destination port that the server was 
listening on, which will always be 53 for a DNS server.  The only 
DNS server that will accept a packet on UDP 1434 is a customized 
one.

You are talking about the source port used when making queries.  
The source port is not part of the specification, so cannot be 
counted on for anything.  Assume it to be random.  

For all you simpletons who don't know how the internet works, 
Niels forgot to send you a link :)

http://www.ietf.org/rfc/rfc1035.txt
4.2 - Transport

-David
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
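
The source/destination distinction argued over in this message, as an added example that is not part of the original post: a resolver whose query leaves from source port 1434 receives its reply with destination port 1434, so a stateless inbound block on that port drops the reply while a flow-tracking filter lets it through. The hosts, addresses, traffic and both filter rules are constructed assumptions for illustration.

```python
from collections import namedtuple

# Constructed sample traffic (not captured data); addresses are documentation ranges.
Packet = namedtuple("Packet", "src sport dst dport note")
RESOLVER, SQL_HOST = "192.0.2.10", "192.0.2.20"          # inside hosts (hypothetical)
DNS_SERVER, OUTSIDE = "198.51.100.53", "203.0.113.7"     # outside hosts (hypothetical)
INSIDE = {RESOLVER, SQL_HOST}

TRAFFIC = [
    Packet(RESOLVER, 1434, DNS_SERVER, 53, "DNS query, source port happens to be 1434"),
    Packet(DNS_SERVER, 53, RESOLVER, 1434, "DNS reply to that query"),
    Packet(OUTSIDE, 4000, SQL_HOST, 1434, "unsolicited datagram to UDP 1434"),
    Packet(RESOLVER, 33000, DNS_SERVER, 53, "DNS query, other source port"),
    Packet(DNS_SERVER, 53, RESOLVER, 33000, "DNS reply to that query"),
]

def stateless_verdicts(traffic, port=1434):
    """Hypothetical border ACL: drop every inbound datagram whose destination port is `port`."""
    out = []
    for p in traffic:
        inbound = p.src not in INSIDE and p.dst in INSIDE
        out.append(not (inbound and p.dport == port))
    return out

def stateful_verdicts(traffic, port=1434):
    """Same block, except that replies to flows opened from inside are allowed."""
    flows, out = set(), []
    for p in traffic:
        if p.src in INSIDE:                      # outbound: remember the 4-tuple
            flows.add((p.src, p.sport, p.dst, p.dport))
            out.append(True)
        else:                                    # inbound: reply, or not the blocked port
            is_reply = (p.dst, p.dport, p.src, p.sport) in flows
            out.append(is_reply or p.dport != port)
    return out

if __name__ == "__main__":
    rows = zip(TRAFFIC, stateless_verdicts(TRAFFIC), stateful_verdicts(TRAFFIC))
    for p, a, b in rows:
        print(f"{p.sport:>5} -> {p.dport:<5} stateless={'pass' if a else 'DROP'} "
              f"stateful={'pass' if b else 'DROP'}  {p.note}")
```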

