[Dshield] UDP blocking

Ewan 98061034 at brookes.ac.uk
Thu Mar 14 22:06:26 GMT 2002

William Sipila wrote:

> do DNS responses come over UDP?  is so what port
> should i open back up?  i thought they would've just come back in over the
> HTTP channel, but apparently not.

indeed, udp port 53 unless i'm very much mistaken. you might also need
tcp 53 as well; if the response from your dns server is larger than the
maximum udp payload size (which i shamefully cant remember) then the
response will be sent this way

> on the same note... is that overkill?  (is there such a thing in net
> security?  :)  do i/should i really be blocking all UDP ports?  i just
> wanted to make sure the server would remain safe...
IMHO you should block everything you dont need (and you appear to have
gone one better, blocking everything you dont need, and everything you
are unsure of ;)

but now you are browsing the web from the same server? although maybe
very convienent it's not something i would personally advocate (sine if
i was being this lazy then the chances are i'd be doing it as root/admin
as well)

kinda like locking the thief inside the building, but, hoarses for


I don't know why we call it a mouse. It started that way and we never
changed it." -- Douglas C. Engelbart, December 9, 1968

More information about the list mailing list