Re: port 53, please help!

From: DamPlastic (0)
Date: 07/14/03


Date: Sun, 13 Jul 2003 17:50:00 -0500

In article <83bb1d7b.0307111403.e1a4666@posting.google.com>,
tyccea@charter.net says...
> Win98, AOL 8 DSL, Sygate Personal Firewall (free edition)
>
> I blocked all incoming/outgoing UDP on port 53, but I still see in my
> firewall log that UDP is allowed both ways. I blocked traffic on
> other ports and that traffic remains blocked. I have checked and
> re-checked the Advanced Rules on the firewall, and it always shows
> port 53 as blocked. I have the latest trojan scanner and an updated
> database for it (similarly for my AVG anti-virus...but it checks by
> heuristics, if I'm not mistaken). These tools never find anything
> strange.
Researching this problem further, I find the following in the
Sygate User Manual:
-------------------------
9.3.2a Enable Smart DNS
Smart DNS is a feature that blocks all DNS traffic, EXCEPT outgoing
DNS requests and the corresponding reply. This means that if your
computer sends out a DNS request, and another computer responds
within five seconds, the communication will be allowed. All other
DNS packets will be dropped.

If you disable this feature, please note that you will need to
manually allow DNS name resolution. If you choose to disable, you
will need to create an advanced rule that allows UDP traffic for
remote port 53.
-----------------
Apparently Sygate Smart DNS overrides an advanced rule to block
DNS UDP on port 53. The enable/disable for Smart DNS is located at
Tools/Options/Security.
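The Smart DNS behaviour quoted from the manual, modelled as an added example that is not part of the original post or of Sygate's own code: outbound requests on port 53 are allowed and remembered, an inbound reply is allowed only if it matches a remembered request within five seconds, and every other DNS packet is dropped. The Packet fields, the SmartDNS class, the transaction IDs and the addresses in the trace are constructed for illustration; the assumed `advanced_rule_blocks_53` flag stands in for the poster's block rule and only takes effect once Smart DNS is disabled.

```python
from dataclasses import dataclass, field

DNS_REPLY_WINDOW = 5.0  # seconds, per the manual text quoted above


@dataclass(frozen=True)
class Packet:
    direction: str    # "out" or "in"
    remote: str       # remote IP address
    remote_port: int  # 53 for a DNS request or reply
    local_port: int
    txid: int         # DNS transaction ID


@dataclass
class SmartDNS:
    """Toy model (assumed, not Sygate's code) of the Smart DNS logic."""
    enabled: bool = True
    pending: dict = field(default_factory=dict)  # (remote, txid) -> send time

    def decide(self, pkt: Packet, now: float, advanced_rule_blocks_53: bool) -> str:
        is_dns = pkt.remote_port == 53
        if not self.enabled or not is_dns:
            # Smart DNS not involved: the advanced rule decides (non-DNS
            # traffic is simply allowed in this toy model)
            return "drop" if (is_dns and advanced_rule_blocks_53) else "allow"
        key = (pkt.remote, pkt.txid)
        if pkt.direction == "out":
            self.pending[key] = now
            return "allow"  # outgoing request, allowed even if a rule blocks 53
        sent = self.pending.pop(key, None)
        if sent is not None and now - sent <= DNS_REPLY_WINDOW:
            return "allow"  # the corresponding reply, within the window
        return "drop"       # unsolicited or late DNS packet


def simulate(enabled: bool) -> list:
    """Constructed trace: a request and its reply at t=2s, an unsolicited
    inbound DNS packet, then a reply that arrives after the 5 s window."""
    f = SmartDNS(enabled=enabled)
    trace = [
        (0.0, Packet("out", "192.0.2.53", 53, 50123, 0x1A2B)),
        (2.0, Packet("in", "192.0.2.53", 53, 50123, 0x1A2B)),
        (3.0, Packet("in", "198.51.100.9", 53, 50124, 0x9999)),
        (4.0, Packet("out", "192.0.2.53", 53, 50125, 0x3C4D)),
        (10.0, Packet("in", "192.0.2.53", 53, 50125, 0x3C4D)),
    ]
    # With Smart DNS on, the block rule is bypassed for request/reply pairs,
    # which is what the original poster saw in the firewall log.
    return [f.decide(p, t, advanced_rule_blocks_53=True) for t, p in trace]
```

`simulate(True)` yields allow, allow, drop, allow, drop, while `simulate(False)` yields five drops because the advanced rule then applies to all port 53 traffic.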