[Dshield] UDP blocking

Kelly Martin kellym at fb00.fb.org
Thu Mar 14 21:40:39 GMT 2002


DNS is UDP port 53.  Note also that queries go out (by default) on random
UDP ports, and the replies come back to the same port the query originated
from.  If you are not using a stateful firewall, you will have to either
open all of UDP or lock your DNS client down to use a specified query port.

If you have a trusted resolver you can use, you can open UDP only to that
trusted resolver.

Kelly

> -----Original Message-----
> From:	William Sipila [SMTP:william at osource.com]
> Sent:	Thursday, March 14, 2002 3:10 PM
> To:	'list at dshield.org'
> Subject:	[Dshield] UDP blocking
> 
> hi everyone,
> 
> sorry if this is a silly question, but i have a server outside a
> firewall (i know, i know), and i only opened a few necessary TCP ports and
> i closed off all UDP ports.  now when i'm on the server, i can't surf
> outbound unless i use IP addresses.  do DNS responses come over UDP?  if so,
> what port should i open back up?  i thought they would've just come back in
> over the HTTP channel, but apparently not.
> 
> on the same note... is that overkill?  (is there such a thing in net
> security?  :)  do i/should i really be blocking all UDP ports?  i just
> wanted to make sure the server would remain safe...
> 
> TIA.
> 
> 	- will
> 
> --\/------------------------------------------------------------ 
>     Developer/SysAdmin, OUTSOURCE Consulting Services, Inc. 
>     william at osource.com | www.osource.com 
> --/\------------------ 
> 
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
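The reply above describes a stub resolver sending a query from a random UDP source port and the answer coming back to that same port, which is why a stateless filter must either open all of inbound UDP or pin the client to a fixed query port. The following is an added example, not code from this thread or from either poster: it builds a wire-format DNS query, a matching reply, and a small model of a stateful UDP filter that only lets inbound packets through when they match an outstanding query to the trusted resolver (same 4-tuple, same transaction ID). The addresses 198.51.100.10 (the server), 192.0.2.53 (the trusted resolver) and the answer 203.0.113.1 are constructed for the example.

```python
"""Added example: modelling a stateful UDP/53 rule for a stub resolver.

Assumed (not from the original thread): server 198.51.100.10, trusted
resolver 192.0.2.53, answer address 203.0.113.1. Packets are plain tuples
rather than real sockets so the script runs offline.
"""
import random
import struct

SERVER_IP = "198.51.100.10"       # assumed address of the server behind the filter
TRUSTED_RESOLVER = "192.0.2.53"   # assumed trusted resolver
DNS_PORT = 53


def build_dns_query(name, qid=None):
    """Wire-format DNS A/IN query: RFC 1035 header followed by one question."""
    if qid is None:
        qid = random.randrange(0, 65536)   # 16-bit transaction ID
    # flags 0x0100 = recursion desired; QDCOUNT=1, AN/NS/AR = 0
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN
    return header + question


def build_dns_reply(query, address="203.0.113.1"):
    """Reply for a query built above: same ID, QR/RD/RA set, one A record."""
    qid = dns_id(query)
    question = query[12:]
    header = struct.pack("!HHHHHH", qid, 0x8180, 1, 1, 0, 0)
    # name pointer to offset 12 (the question name), TYPE A, CLASS IN, TTL, RDLENGTH 4
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
    rr += bytes(int(octet) for octet in address.split("."))
    return header + question + rr


def dns_id(payload):
    """Transaction ID from the first two bytes of a DNS message."""
    return struct.unpack("!H", payload[:2])[0]


class StatefulUdpFilter:
    """Permits outbound UDP/53 to one resolver; admits an inbound UDP packet
    only if it reverses the 4-tuple of a query still awaiting its reply and
    carries that query's transaction ID. Nothing else inbound on UDP passes."""

    def __init__(self, resolver):
        self.resolver = resolver
        self.pending = {}   # (src_ip, src_port, dst_ip, dst_port) -> query ID

    def outbound(self, src_ip, src_port, dst_ip, dst_port, payload):
        if dst_ip != self.resolver or dst_port != DNS_PORT:
            return False
        self.pending[(src_ip, src_port, dst_ip, dst_port)] = dns_id(payload)
        return True

    def inbound(self, src_ip, src_port, dst_ip, dst_port, payload):
        key = (dst_ip, dst_port, src_ip, src_port)   # reverse of the outbound tuple
        if key not in self.pending:
            return False   # no matching query: unsolicited or wrong port
        if dns_id(payload) != self.pending[key]:
            return False   # reply for a query we did not send
        del self.pending[key]   # one reply per query; the hole closes again
        return True


def demo():
    """Run the cases a practitioner would check; returns a dict of outcomes."""
    fw = StatefulUdpFilter(TRUSTED_RESOLVER)
    ephemeral = 40123   # the random source port the stub resolver picked
    query = build_dns_query("example.com", qid=0x2a2a)
    reply = build_dns_reply(query)
    return {
        "query_to_trusted_resolver": fw.outbound(SERVER_IP, ephemeral, TRUSTED_RESOLVER, 53, query),
        "query_to_other_resolver": fw.outbound(SERVER_IP, ephemeral, "192.0.2.99", 53, query),
        "reply_to_wrong_port": fw.inbound(TRUSTED_RESOLVER, 53, SERVER_IP, ephemeral + 1, reply),
        "reply_with_wrong_id": fw.inbound(TRUSTED_RESOLVER, 53, SERVER_IP, ephemeral,
                                          build_dns_reply(build_dns_query("example.com", qid=1))),
        "matching_reply": fw.inbound(TRUSTED_RESOLVER, 53, SERVER_IP, ephemeral, reply),
        "replayed_reply": fw.inbound(TRUSTED_RESOLVER, 53, SERVER_IP, ephemeral, reply),
    }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case:28s} {'ALLOW' if allowed else 'DROP'}")
```

The `pending` table is what a real stateful firewall's connection tracker keeps for UDP; a stateless ruleset has no such table, so it can only match on static fields (which is the "open all of UDP" or "fixed query port" choice in the reply above). Restricting `outbound` to one resolver address is the "trusted resolver" option.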



