Re: which ports & protocols are necessary?

From: Walter Roberson (roberson_at_ibd.nrc-cnrc.gc.ca)
Date: 03/13/05

• Next message: Connected: "Re: win98 firewall"
• Previous message: Jose Maria Lopez Hernandez: "Re: which ports & protocols are necessary?"
• In reply to: Jose Maria Lopez Hernandez: "Re: which ports & protocols are necessary?"
• Next in thread: Jose Maria Lopez Hernandez: "Re: which ports & protocols are necessary?"
• Reply: Jose Maria Lopez Hernandez: "Re: which ports & protocols are necessary?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 13 Mar 2005 18:14:42 GMT

In article <39jcfjF5vtulmU2@individual.net>,
Jose Maria Lopez Hernandez <jkerouac@bgsec.com> wrote:
:None of them use UDP, but don't forget the DNS service,
:that uses 53/udp and 53/tcp (this one only for zone transfers).

In theory, DNS is allowed to use TCP 53 at any time, even just for
queries. Common practice is that for queries it starts with UDP 53 and
only switches to TCP 53 for queries if the response had the "result was
truncated" flag set.

DNS uses TCP 53 for zone transfers not because going TCP is special but
because zone transfers are expected to require more than 512 bytes of
data being returned -- thus if you are running a DNS server and you do
not disallow random sites from attempting DNS transfers [thinking you
are safe because you block TCP 53] then someone can start a zone
transfer on UDP 53 and get back the first 1/2 KB worth.

I think I have also seen TCP 53 used internally for requests to
update the name or IP mapping (Microsoft Windows XP systems request
this by default even for systems with static IPs), but I would not
swear to it.

-- 
   Entropy is the logarithm of probability   -- Boltzmann

• Next message: Connected: "Re: win98 firewall"
• Previous message: Jose Maria Lopez Hernandez: "Re: which ports & protocols are necessary?"
• In reply to: Jose Maria Lopez Hernandez: "Re: which ports & protocols are necessary?"
• Next in thread: Jose Maria Lopez Hernandez: "Re: which ports & protocols are necessary?"
• Reply: Jose Maria Lopez Hernandez: "Re: which ports & protocols are necessary?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: SMTP delivery failure when NIC DNS server points to router ... I learned that the router's DNS server does not listen to TCP queries. ... Configure the SMTPSVC to use UDP for DNS queries. ... (microsoft.public.inetserver.iis.smtp_nntp) RE: Help with ipfw rules to allow DNS queries through ... If a DNS reply exceeds the maximum size of a udp datagram, it will be sent using TCP so the rule is needed. ... > I have a stand alone server co-located on my employers T1 line. ... (FreeBSD-Security) RE: TCP DNS requests ... It is a common misconception that TCP DNS is only for zone transfers. ... You must have another DNS server in that network trying to do zone ... (Security-Basics) SMTP Outgoing - Connection Dropped ... Searching for Exchange external DNS settings. ... Checking TCP/UDP SOA serial number using DNS server. ... TCP test failed. ... UDP test succeeded. ... (microsoft.public.windows.server.sbs) RE: DNS ACL ? ... and there should be no zone transfers coming in ... from the internet to these servers. ... Subject: DNS ACL? ... > Not all DNS clients automatically try to negotiate bigger UDP ... (Pen-Test)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint