RE: TCP DNS requests

• Previous message: GSG Designs: "Newbie: RedHat 8 or OpenBSD??"
• Maybe in reply to: Carl R Diliberto: "TCP DNS requests"
• Next in thread: Daniel Miessler: "RE: TCP DNS requests"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: Raghu Chinthoju <chraghu@hyd.wilco-int.com>
To: "'Carl R Diliberto'" <cdiliberto@hotmail.com>, "'security-basics'" <security-basics@securityfocus.com>
Date: Thu, 31 Oct 2002 01:12:59 +0530

TCP/DNS(53) is used for zone transfer. To be simple, TCP/DNS(53) is used
between the name servers to exchange/update there name databases where as
UDP/DNS(53) is used for querying.

I see two possibilities for having generated TCP based DNS requests in your
network.
1. You must have another DNS server in that network trying to do zone
transfer with your server
2. Some one is explicitly requesting your name server for zone information.
This could be done by in many ways. For example, "ls" command of nslookup
does it.

Cheers,
Raghu.

Wilco International Systems
Hyderabad.

-----Original Message-----
From: Carl R Diliberto [mailto:cdiliberto@hotmail.com]
Sent: Wednesday, October 30, 2002 7:16 PM
To: security-basics
Subject: TCP DNS requests

We are reporting TCP based DNS requests to one of our DNS servers coming
from internal, client IP addresses. My manager would like to block the TCP
packets. What or why would their be random TCP packets? We monitored
several clients and it appears it only needs UDP.

Thanks
Carl

This message is confidential and may also be legally privileged. If you are not the intended recipient, please notify postmaster@wilco-int.com immediately. You should not copy it or use it for any purpose, nor disclose its contents to any other person. The views and opinions expressed in this e-mail message are the author's own and may not reflect the views and opinions of Wilco.

• Previous message: GSG Designs: "Newbie: RedHat 8 or OpenBSD??"
• Maybe in reply to: Carl R Diliberto: "TCP DNS requests"
• Next in thread: Daniel Miessler: "RE: TCP DNS requests"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages RE: exchange server cannot mount mailbox store ... What's the exact detailed DNS Events ... Type desired internal IP address of your SBS server. ... it will delete the reverse lookup zone if the zone no longer ... Microsoft CSS Online Newsgroup Support ... (microsoft.public.windows.server.sbs) Re: Simple DNS For Private LAN -- SOLVED ... I used your examples and the "view" statement mentioned my Mathew Seaman to build a BIND 9 DNS server that is authoritative for mykitchentable.net. ... a local "master zone" visible only to my private LAN as you describe ... internal home network. ... which points to the root DNS servers. ... (freebsd-questions) Re: DNS Redesign Issue ... -Using DNS console you can right-click the zone and export to a File, ... -To export a Zone and import that Zone in another DNS Server you need to use ... Create a child zone dallas on the DNS server in the child domain ... (microsoft.public.windows.server.dns) Re: RWW not connecting to desktop BOSS ... Open DHCP server, right click the server's FQDN and select Properties. ... Navigate to DNS tab. ... To configure the zone to permit dynamic updates, ... click Non-secure and secure in the Dynamic updates ... (microsoft.public.windows.server.sbs) Re: Event 4515 :another copy of zone has been found ... running on the old 2000 server. ... I then installed DNS on ... I seem to remember hearing that if you just delete/remove the zone it ... Container), the Configuration Partition, and the Schema Partition. ... (microsoft.public.windows.server.dns)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint