Re: TCP/IP Packet Filtering

From: Steven L Umbach (n9rou_at_nscomcast.net)
Date: 07/05/04


Date: Mon, 05 Jul 2004 08:20:22 GMT

Hi Jim.

FYI. I have pasted a capture from Ethereal so you can see the sequence that
caused you grief. I modified the output screen to show unresolved source and
destination ports. I am not sure how good it will look in a paste but here
goes. This is an example on a capture just before I opened my web browser
which has a home page of Foxnews.com and my internal LAN IP address is
192.168.1.105. Notice my computer using a source port of 3513 to a
destination port of 53 and the response of the dns server from port 53 back
to port 3513. It would be the port 3513 udp in this example that would be
blocked by the udp port filtering. Keep in mind that W2K dns client caches
recent dns queries including failures. So if you do any testing in the
future, always use the command "ipconfig /flushdns" to clear the dns client
cache first. --- Steve

Source         Destination    Protocol  Src port  Dst port  Info
192.168.1.105  202.12.27.33   DNS       3513      53        Standard query A www.foxnews.com
202.12.27.33   192.168.1.105  DNS       53        3513      Standard query response

"Jim Bohan" <Thread7@hotmail.com> wrote in message
news:49c7cba4.0407042158.181c5059@posting.google.com...
> Joe,
>
> Well he gave me the fish, but I did learn. I could find no
> documentation telling me Steve's statement - "IP udp filtering is
> useless for using dns as you need to configure the policy to allow the
> above 1024 ports for return traffic from the external dns server to
> your computer which is not practical." After hours trying to figure
> out why the UDP traffic wasn't coming through I was at a dead end and
> finally had to ask some "experts" such as yourselves. Great response
> guys.
>
> Thread7
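To make the point of the thread concrete, here is an added example (not part of the original posts) that replays the two captured packets through a stateless inbound port filter, as Steve describes W2K's UDP filtering, and through a small connection-tracking filter. It assumes the filter only inspects inbound packets and matches on the local destination port; the packet values are taken from the capture above.

```python
# Added example, not from the original thread: stateless vs. stateful UDP
# filtering replayed over the two DNS packets from the Ethereal capture.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int


LAN_HOST = "192.168.1.105"
DNS_SERVER = "202.12.27.33"  # resolver address seen in the capture

# Constructed from the capture in the post: query out, reply back.
CAPTURE = [
    Packet(LAN_HOST, DNS_SERVER, "UDP", 3513, 53),  # Standard query A www.foxnews.com
    Packet(DNS_SERVER, LAN_HOST, "UDP", 53, 3513),  # Standard query response
]


def stateless_allow(pkt, allowed_inbound_udp_ports):
    """Assumed W2K-style filter: outbound is never filtered, inbound passes
    only if the local destination port is in the permit list."""
    if pkt.src == LAN_HOST:
        return True
    return pkt.proto == "UDP" and pkt.dport in allowed_inbound_udp_ports


class StatefulFilter:
    """Connection tracking: remember each outbound UDP query and admit only
    the matching reply, so no ephemeral ports need to be opened. (Entry
    expiry is omitted for brevity.)"""

    def __init__(self):
        self.pending = set()

    def allow(self, pkt):
        if pkt.src == LAN_HOST:
            self.pending.add((pkt.dst, pkt.dport, pkt.sport))
            return True
        key = (pkt.src, pkt.sport, pkt.dport)
        if key in self.pending:
            self.pending.discard(key)  # one reply per outstanding query
            return True
        return False


def replay(allow_fn, packets):
    """Return the per-packet verdicts for a given filter function."""
    return [allow_fn(p) for p in packets]
```

With only port 53 permitted, the reply to port 3513 is dropped; permitting every port above 1024 lets it through at the cost of exposing the whole ephemeral range, while the tracking filter admits the reply and still rejects an unsolicited packet to the same port.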
