Security Incidents mailing list archives
Re: DNS ports and scans
From: Ryan Sweat <h3xm3 () SWBELL NET>
Date: Sat, 5 May 2001 23:54:31 -0500
iirc, the most recent BIND exploit can exploit named through UDP, so blocking TCP may be a false sense of security, or security through obscurity. The best solution is to upgrade and not have to worry about hiding vulnerable daemons behind a filter or firewall.

-ryan

----- Original Message -----
From: "Jason Lewis" <jlewis () JASONLEWIS NET>
To: <INCIDENTS () SECURITYFOCUS COM>
Sent: Saturday, May 05, 2001 11:36 AM
Subject: DNS ports and scans

: DNS queries are on UDP port 53. TCP port 53 is used for zone transfers. By
: blocking TCP port 53 I can't do zone transfers, but clients can still do
: lookups on UDP 53. Since I have blocked TCP port 53, I have seen a decrease
: in attack attempts on my name servers, primarily because that port isn't
: open. I do still see scans for the DNS ports, but nothing more than a port
: scan.
:
: My question is...Can anyone come up with any pros/cons of doing this?
:
: My name servers are successfully serving my domains, so I don't see a
: downside. Thoughts?
:
: Jason Lewis
: http://www.rivalpath.com
: "All you can do is manage the risks. There is no security."
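One concrete con of filtering TCP/53 that the thread does not spell out: TCP is not only for zone transfers. When a UDP answer does not fit (512 bytes for a plain query per RFC 1035), the server returns it with the TC (truncated) bit set and the resolver is expected to repeat the query over TCP; a TCP/53 filter turns that retry into a failed lookup. The small client below is an added example for this thread, not code from either poster. It builds a query, sends it over UDP, inspects the TC bit, and falls back to TCP exactly as a resolver would, so you can check from the outside whether your own server's answers stay within UDP and whether the TCP path still works. The server address and query name on the command line are assumptions; the byte strings used to exercise the parser are constructed, not captured traffic. It also illustrates Ryan's point: every byte the daemon parses over UDP is still parsed whether or not TCP is filtered.

```python
"""Minimal DNS client showing the UDP -> TCP truncation fallback.

Added example for this thread (not the posters' code). Builds a query,
sends it over UDP and, if the reply carries TC=1, repeats it over TCP
with the 2-byte length prefix that DNS-over-TCP uses (RFC 1035 4.2.2).
"""
import random
import socket
import struct


def build_query(name, qtype=1, txid=None):
    """Encode a standard recursion-desired query (A record, class IN, by default)."""
    if txid is None:
        txid = random.randrange(0, 0x10000)
    # Header: id, flags (RD=1 only), QDCOUNT=1, ANCOUNT=NSCOUNT=ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def parse_header(msg):
    """Decode the 12-byte DNS header into a dict; raise on short input."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than its header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),    # response flag
        "tc": bool(flags & 0x0200),    # truncated: answer did not fit in UDP
        "rcode": flags & 0x000F,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def needs_tcp_retry(response, expected_id):
    """True when the UDP reply is a truncated answer to our query."""
    h = parse_header(response)
    if h["id"] != expected_id or not h["qr"]:
        raise ValueError("reply does not match the outstanding query")
    return h["tc"]


def udp_query(server, query, timeout=3.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        data, _ = s.recvfrom(4096)
        return data


def recv_exact(sock, n):
    """Read exactly n bytes from a TCP socket or raise if the peer closes early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("TCP stream closed before full message arrived")
        buf += chunk
    return buf


def tcp_query(server, query, timeout=3.0):
    """DNS over TCP: each message is prefixed with its 16-bit length."""
    with socket.create_connection((server, 53), timeout=timeout) as s:
        s.sendall(struct.pack("!H", len(query)) + query)
        (length,) = struct.unpack("!H", recv_exact(s, 2))
        return recv_exact(s, length)


def resolve(server, name, qtype=1):
    """Ask over UDP, fall back to TCP on TC=1. Returns (transport, header)."""
    txid = random.randrange(0, 0x10000)
    q = build_query(name, qtype, txid)
    resp = udp_query(server, q)
    if not needs_tcp_retry(resp, txid):
        return "udp", parse_header(resp)
    try:
        resp = tcp_query(server, q)
    except OSError as exc:
        # This is what a TCP/53 filter produces for clients: a truncated
        # UDP answer they cannot complete, i.e. a failed lookup.
        raise RuntimeError("truncated UDP reply and TCP/53 unreachable: %s" % exc)
    return "tcp", parse_header(resp)


if __name__ == "__main__":
    import sys
    # Assumed arguments: server IP and a name to look up; qtype 255 (ANY)
    # is used because its answers are the most likely to exceed 512 bytes.
    server = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    name = sys.argv[2] if len(sys.argv) > 2 else "example.com"
    print(resolve(server, name, 255))
```

Run it against one of your own authoritative servers from outside the filter: a result of `("udp", ...)` means the answer fit in UDP; `("tcp", ...)` means the fallback worked; the RuntimeError is the condition Jason's clients would hit for any name whose answer is truncated.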
Current thread:
- Re: DNS ports and scans Keith Owens (May 07)
- <Possible follow-ups>
- Re: DNS ports and scans Ryan Sweat (May 07)
- Re: DNS ports and scans Abe Getchell (May 07)
- Re: DNS ports and scans Valdis Kletnieks (May 07)
- Re: DNS ports and scans Frijole (May 14)
- Re: DNS ports and scans Crist Clark (May 14)
- RE: DNS ports and scans John Coke (May 15)