Re: port 53, please help!
From: DamPlastic (0)
Date: 07/13/03
- Next message: elihpomaps ton: "Re: Home DSL Connections Hijacked for Porn"
- Previous message: optikl: "Re: XNEWS"
- In reply to: sponge: "Re: port 53, please help!"
- Next in thread: sponge: "Re: port 53, please help!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 13 Jul 2003 13:51:46 -0500
In article <8d76ec03.0307130010.4f4a4564@posting.google.com>,
yosponge@yahoo.com says...
> On Sat, 12 Jul 2003 18:08:53 -0500, DamPlastic <0> wrote:
>
> >In article <83bb1d7b.0307111403.e1a4666@posting.google.com>,
> >tyccea@charter.net says...
> >> Win98, AOL 8 DSL, Sygate Personal Firewall (free edition)
> >>
> >> I blocked all incoming/outgoing UDP on port 53, but I still see in
> my
> >> firewall log that UDP is allowed both ways. I blocked traffic on
> >> other ports and that traffic remains blocked. I have checked and
> >> re-checked the Advanced Rules on the firewall, and it always shows
> >> port 53 as blocked. I have the latest trojan scanner and an
> updated
> >> database for it (similarly for my AVG anti-virus...but it checks by
> >> heuristics, if I'm not mistaken). These tools never find anything
> >> strange.
> >> I searched google & altavista for "port 53", "port assignments",
> "port
> >> security", "ports backdoors", "ports trojans", "trojan port 53",
> >> "backdoor port 53", etc., etc... I don't know what else to search
> for,
> >> lol. I searched for almost 5 hours yesterday.
> >> I just don't want to find out that I have some re-compiled version
> of
> >> a backdoor on my pc, or a sniffer on my line.
> >> wtf? What am I doing wrong? ...I'm still a real newbie here;
> haven't
> >> tried to use a sniffer or anything like that on my comp, so I
> really
> >> don't know what to do.
> >>
> >> Any help or flame is appreciated. Thanx.
>
> I cover this at my site. Take a look if you want:
> www.geocities.com/yosponge/fw/fwmain.html
> It's still in the works, and right now I only have instructions
> specific to Keril.
Hi All. First I want to complement Sponge for his web page--a
wealth of security info there. I've been playing with Sygate for
about a year, so here is what a DNS advanced rule would look like
in Sygate. (in my matching connecting to mindspring.com)
General Tab
Rule Description: Allow DNS
Action: Allow this traffic
Host Tab
IP Address(es): 207.217.126.81,207.217.126.82
Ports and Protocol Tab
Protocol: UDP
Remote Port: 53
Local Port: (leave blank--that allows all)
Traffic Direction: Both
Applications Tab
Check Netscape
Check Opera
(My IE is parked and never used unless all else fails)
Note: If TCP was required, it would take another identical
rule except for protocol.
Many thanks to everyone who contributed. Now I must busy
on my ICMP rules. I've read so much conflecting info on
it in the past that I may just start all over on it.
- Next message: elihpomaps ton: "Re: Home DSL Connections Hijacked for Porn"
- Previous message: optikl: "Re: XNEWS"
- In reply to: sponge: "Re: port 53, please help!"
- Next in thread: sponge: "Re: port 53, please help!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
