RE: TCP/IP filtering issues...Please help!

From: Ben Croxton (Ben@AxxessTechnologies.com)
Date: 08/29/02


From: "Ben Croxton" <Ben@AxxessTechnologies.com>
To: "'duane obrien'" <obrien@apexion.com>
Date: Thu, 29 Aug 2002 14:19:26 -0400

After doing a little research and looking through this response I have
gotten this to work. I appreciate all the responses, and would just like to
say that this list is awesome! Thanks again :o))

BC
-----Original Message-----
From: duane obrien [mailto:obrien@apexion.com]
Sent: Thursday, August 29, 2002 1:55 PM
To: Ben@AxxessTechnologies.com
Subject: RE: TCP/IP filtering issues...Please help!

http://www.intac.com/~cdp/cptd-faq/section2.html#ports

Basically, port 53 is used to send the request. The DNS server responds
from port 53 to a UDP port > 1023.

Basic Win2k filtering can be tricky to get working for this.

# -----Original Message-----
# From: Ben Croxton [mailto:Ben@AxxessTechnologies.com]
# Sent: Wednesday, August 28, 2002 8:25 AM
# To: security-basics@securityfocus.com
# Subject: TCP/IP filtering issues...Please help!
#
#
# I am in the process of completely locking down (as much as possible anyway
# ;o) my MS network...All Win2k. In applying TCP/IP filtering rules I ran into
# a problem:
# I set up rules to allow all necessary ports for both internet and intranet
# traffic, and everything works fine with the exception of DNS. Even though I
# opened port 53 TCP/UDP I am still unable to browse the web without going to
# the specific IP address of a web server. I have not applied these rules to
# all clients yet because of this problem, and am in a hurry to do so. I seem
# to remember reading that even though DNS works on TCP/UDP 53, responses
# come in on a higher range of ports...not sure if this is correct but it is
# all that I can think of. I am hoping someone out there knows the fix for
# this, I have searched all over Google and can't seem to find an answer. If
# this is a simple thing, please excuse my ignorance...TIA :o))
#
# BC
#

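The reason a permit-only list of UDP 53 breaks name resolution, shown as an added example that is not code from the thread or from either poster. The script models the Windows 2000 "TCP/IP Filtering" dialog as it actually behaves: it checks inbound packets only, keeps no state, and matches each packet's local (destination) port against one permit-only list per protocol, with "Permit All" represented as None. The client's ephemeral port range (1024-5000) and the Packet/Win2kFilter names are assumptions made for the example. A DNS lookup is two UDP datagrams: the query leaves from an ephemeral port to remote port 53, and the reply comes back from port 53 to that ephemeral port, so the reply's local port is never 53 and the list drops it.

```python
from dataclasses import dataclass
from typing import List, Optional, Set

# Assumed client-side ("ephemeral") UDP port range for a Win2k host; the
# example only needs it to be some range above 1023, as the thread says.
EPHEMERAL_RANGE = range(1024, 5001)


@dataclass(frozen=True)
class Packet:
    proto: str        # "tcp" or "udp"
    src_port: int
    dst_port: int
    inbound: bool     # True when the packet arrives at the filtered host


@dataclass
class Win2kFilter:
    """Model of the Win2k 'TCP/IP Filtering' dialog (an assumption of this
    example, not the product's code): one permit-only set per protocol, or
    None for 'Permit All'. The filter is inbound-only and stateless, and it
    matches the packet's local (destination) port."""
    tcp_ports: Optional[Set[int]] = None
    udp_ports: Optional[Set[int]] = None

    def allows(self, pkt: Packet) -> bool:
        if not pkt.inbound:
            return True                      # outbound traffic is never checked
        permitted = self.tcp_ports if pkt.proto == "tcp" else self.udp_ports
        return permitted is None or pkt.dst_port in permitted


def dns_exchange(client_port: int):
    """The two UDP datagrams of one DNS lookup, as seen by the client host."""
    query = Packet("udp", src_port=client_port, dst_port=53, inbound=False)
    reply = Packet("udp", src_port=53, dst_port=client_port, inbound=True)
    return query, reply


def lookup_succeeds(filt: Win2kFilter, client_port: int) -> bool:
    """True only if both the query leaves and the reply is let back in."""
    query, reply = dns_exchange(client_port)
    return filt.allows(query) and filt.allows(reply)


def blocked_reply_ports(filt: Win2kFilter) -> List[int]:
    """Every ephemeral port whose DNS reply the filter would drop."""
    return [p for p in EPHEMERAL_RANGE if not lookup_succeeds(filt, p)]


if __name__ == "__main__":
    only_53 = Win2kFilter(tcp_ports={53, 80, 443}, udp_ports={53})
    permit_all_udp = Win2kFilter(tcp_ports={53, 80, 443}, udp_ports=None)
    print("permit-only UDP 53: replies dropped on",
          len(blocked_reply_ports(only_53)), "of", len(EPHEMERAL_RANGE), "ports")
    print("permit all UDP:     replies dropped on",
          len(blocked_reply_ports(permit_all_udp)), "ports")
```

The takeaway for this dialog: it can only express "permit inbound packets whose local port is X", not "permit UDP replies from remote port 53", so listing 53 (TCP, UDP, or both) never admits the reply. Within TCP/IP Filtering itself the only setting that lets DNS work is Permit All for UDP; tighter rules that key on the remote port 53, or that track the outbound query, need a stateful firewall or an IPSec policy filter instead.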