[Dshield] UDP blocking

Ewan 98061034 at brookes.ac.uk
Thu Mar 14 22:06:26 GMT 2002


William Sipila wrote:

> do DNS responses come over UDP?  if so what port
> should i open back up?  i thought they would've just come back in over the
> HTTP channel, but apparently not.

indeed, UDP port 53 unless I'm very much mistaken. You might also need
TCP 53; if the response from your DNS server is larger than the
maximum UDP payload size (which I shamefully can't remember) then the
response will be sent this way.

> 
> on the same note... is that overkill?  (is there such a thing in net
> security?  :)  do i/should i really be blocking all UDP ports?  i just
> wanted to make sure the server would remain safe...
> 
IMHO you should block everything you don't need (and you appear to have
gone one better, blocking everything you don't need and everything you
are unsure of ;)

but now you are browsing the web from the same server? Although maybe
very convenient, it's not something I would personally advocate (since if
I was being this lazy then the chances are I'd be doing it as root/admin
as well).

kinda like locking the thief inside the building, but, horses for
courses.

ewan

-- 
"I don't know why we call it a mouse. It started that way and we never
changed it." -- Douglas C. Engelbart, December 9, 1968
http://sloan.stanford.edu/MouseSite/1968Demo.html
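
An added example for this archive page (not code from anyone in the thread): a small Python resolver sketch of the UDP-then-TCP behaviour Ewan describes. The limit he is thinking of is the 512-byte UDP payload cap of RFC 1035 section 4.2.1 (absent EDNS0); a server that has to cut a reply down to fit sets the TC (truncated) flag, and the client is expected to repeat the query over TCP port 53, where each message carries a two-byte length prefix (RFC 1035 section 4.2.2). The header parsing, the constructed truncated and untruncated sample replies, and the transport decision run offline; the network-using `resolve()` only talks to a server if you pass one on the command line, and the server address and query name are whatever you supply.

```python
"""Added example: minimal DNS query with TCP fallback on a truncated UDP reply."""
import secrets
import socket
import struct
import sys

UDP_MAX = 512         # RFC 1035 4.2.1: UDP payload limit when EDNS0 is not negotiated
FLAG_QR = 0x8000      # message is a response
FLAG_TC = 0x0200      # truncated: client should retry over TCP
FLAG_RD = 0x0100      # recursion desired
FLAG_RA = 0x0080      # recursion available
QTYPE_A, QCLASS_IN = 1, 1


def build_query(name: str, qid: int) -> bytes:
    """Serialise a single A-record question in RFC 1035 wire format."""
    header = struct.pack(">HHHHHH", qid, FLAG_RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels)
    return header + qname + b"\x00" + struct.pack(">HH", QTYPE_A, QCLASS_IN)


def parse_header(msg: bytes) -> dict:
    """Decode the 12-byte DNS header into named fields."""
    if len(msg) < 12:
        raise ValueError("message shorter than a DNS header")
    qid, flags, qd, an, ns, ar = struct.unpack(">HHHHHH", msg[:12])
    return {"id": qid, "qr": bool(flags & FLAG_QR), "tc": bool(flags & FLAG_TC),
            "rcode": flags & 0x000F, "qdcount": qd, "ancount": an,
            "nscount": ns, "arcount": ar}


def choose_transport(udp_response: bytes, expected_id: int) -> str:
    """Decide whether the UDP answer is usable or must be re-fetched over TCP 53."""
    h = parse_header(udp_response)
    if not h["qr"] or h["id"] != expected_id:
        raise ValueError("not a response to our query (QR/ID mismatch)")
    return "tcp" if h["tc"] else "udp"


def tcp_frame(msg: bytes) -> bytes:
    """RFC 1035 4.2.2: over TCP each message is prefixed by its 2-byte length."""
    return struct.pack(">H", len(msg)) + msg


def build_response(query_msg: bytes, truncated: bool) -> bytes:
    """Constructed sample reply for offline testing: echo the question, set QR/RA
    and optionally TC, with an empty answer section (as a truncating server may send)."""
    qid, flags, qd, _an, _ns, _ar = struct.unpack(">HHHHHH", query_msg[:12])
    flags |= FLAG_QR | FLAG_RA
    if truncated:
        flags |= FLAG_TC
    return struct.pack(">HHHHHH", qid, flags, qd, 0, 0, 0) + query_msg[12:]


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    """Read exactly n bytes from a TCP socket (TCP is a stream, recv may return less)."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("TCP peer closed mid-message")
        buf += chunk
    return buf


def resolve(server: str, name: str, timeout: float = 2.0) -> bytes:
    """Ask `server` for `name` over UDP 53; if the reply has TC=1, repeat over TCP 53."""
    qid = secrets.randbelow(1 << 16)      # unpredictable ID: cheap defence against spoofed replies
    q = build_query(name, qid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as u:
        u.settimeout(timeout)
        u.sendto(q, (server, 53))
        resp, _ = u.recvfrom(4096)        # generous buffer; a compliant server stays <= UDP_MAX
    if choose_transport(resp, qid) == "udp":
        return resp
    with socket.create_connection((server, 53), timeout=timeout) as t:
        t.sendall(tcp_frame(q))
        (length,) = struct.unpack(">H", _recv_exact(t, 2))
        return _recv_exact(t, length)


if __name__ == "__main__":
    if len(sys.argv) == 3:                            # usage: python dns_tc.py <server-ip> <name>
        h = parse_header(resolve(sys.argv[1], sys.argv[2]))
        print(f"rcode={h['rcode']} answers={h['ancount']}")
    else:                                             # offline demo on constructed messages
        q = build_query("example.com", 0x1234)
        for tc in (False, True):
            print(f"TC={int(tc)} -> {choose_transport(build_response(q, tc), 0x1234)}")
```

For the firewall question in the thread, this is why an outbound-only UDP rule is not quite enough: a stateful rule that permits the UDP 53 reply to your own query covers the common case, but a truncated reply means the client will open a new TCP connection to port 53, so that path has to be allowed too or large answers (long CNAME chains, many records) fail even though short ones work.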