[Dshield] UDP blocking

Micheal Patterson micheal at cancercare.net
Thu Mar 14 21:46:16 GMT 2002


Yes. You need to allow UDP from your dns servers on port 53 and allow
anything from that machine to those same systems to port 53. Once done, your
dns should be operational again.

--

Micheal Patterson
Network Administration
Cancer Care Network
405-733-2230

----- Original Message -----
From: "William Sipila" <william at osource.com>
To: <list at dshield.org>
Sent: Thursday, March 14, 2002 3:10 PM
Subject: [Dshield] UDP blocking


> hi everyone,
>
> sorry if this is a silly question, but i have a server outside a
> firewall (i know, i know), and i only opened a few necessary TCP ports and
> i closed off all UDP ports.  now when i'm on the server, i can't surf
> outbound unless i use IP addresses.  do DNS responses come over UDP?  if so
> what port should i open back up?  i thought they would've just come back in
> over the HTTP channel, but apparently not.
>
> on the same note... is that overkill?  (is there such a thing in net
> security?  :)  do i/should i really be blocking all UDP ports?  i just
> wanted to make sure the server would remain safe...
>
> TIA.
>
> - will
>
> --\/------------------------------------------------------------
> Developer/SysAdmin, OUTSOURCE Consulting Services, Inc.
> william at osource.com | www.osource.com
> --/\------------------
>
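
One way to express the rules from the reply, as an added example that is not part of the original thread. It assumes a Linux host filtered with iptables and uses constructed resolver addresses; the `stateful` mode is an addition that only admits replies to queries the host itself sent.

```sh
#!/bin/sh
# Added example: print iptables rules that keep UDP closed except DNS.
# Resolver addresses are constructed (RFC 5737 documentation ranges).
RESOLVERS="192.0.2.53 198.51.100.53"

# Succeed only for a dotted-quad IPv4 address with octets 0-255.
# Runs in a subshell so the IFS change does not leak to the caller.
valid_ipv4() (
    case $1 in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
)

# dns_rules MODE RESOLVER...
#   stateless: the rule pair described in the reply.
#   stateful:  same pair, but inbound replies must match a query this
#              host sent (conntrack), not just any packet from port 53.
dns_rules() {
    mode=${1:-}
    [ $# -gt 0 ] && shift
    case $mode in
        stateless) match="" ;;
        stateful)  match=" -m conntrack --ctstate ESTABLISHED" ;;
        *) echo "mode must be stateless or stateful" >&2; return 1 ;;
    esac
    [ $# -gt 0 ] || { echo "no resolvers given" >&2; return 1; }
    # Validate everything first so a bad entry yields no partial rule set.
    for r in "$@"; do
        valid_ipv4 "$r" || { echo "invalid resolver: $r" >&2; return 1; }
    done
    for r in "$@"; do
        # Queries out: this host -> resolver, destination port 53.
        echo "iptables -A OUTPUT -p udp -d $r --dport 53 -j ACCEPT"
        # Replies in: resolver -> this host, source port 53.
        echo "iptables -A INPUT -p udp -s $r --sport 53$match -j ACCEPT"
    done
    # All other inbound UDP stays closed.
    echo "iptables -A INPUT -p udp -j DROP"
}

# Dry run: review the output, then pipe it to sh as root to apply.
dns_rules stateful $RESOLVERS
```

Answers too large for a UDP reply are retried over TCP port 53, so the same resolvers may also need a matching TCP rule.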



