Re: Re: Strange ports

["Thor (Hammer of God)" <thor () hammerofgod com>]

If you use Exchange (well, specifically, if Exchange is doing the DNS 
lookup) then you do need TCP 53 as Exchange SMTP (or IIS SMTP) uses TCP by 
default for DNS queries.  This is actually a good thing, as it is easier to 
build an outbound only TCP 53 rule that will only allow established 
connections returned as opposed to any UPD packet with the destination port 
set at 53 (what would be or look like return queries).  If one is providing 
DNS server resources, then the published server should have appropriate DNS 
application level filtering (as ISA does) in order to ensure that actual DNS 
traffic is published, and not just anything that happens to use 53.

t




----- Original Message ----- 
From: <brian.marino () onenterprises com>
To: <pen-test () securityfocus com>
Sent: Friday, June 22, 2007 4:41 AM
Subject: Re: Re: Strange ports


I would agree that port 53 UDP needs to be open.  Port 53 TCP does not 
unless you are doing large DNS zone transfers.

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------