[Dshield] UDP blocking

Mark Turnauckas mark_turnauckas at yahoo.com
Thu Mar 14 23:03:07 GMT 2002


Not silly to me.
Try UDP port 53.
Please let me know if that's right.

Mark

-----Original Message-----
From: list-admin at dshield.org [mailto:list-admin at dshield.org]On Behalf Of
William Sipila
Sent: Thursday, March 14, 2002 4:10 PM
To: 'list at dshield.org'
Subject: [Dshield] UDP blocking


hi everyone,

sorry if this is a silly question, but i have a server outside a
firewall (i know, i know), and i only opened a few necessary TCP ports and i
closed off all UDP ports.  now when i'm on the server, i can't surf outbound
unless i use IP addresses.  do DNS responses come over UDP?  if so what port
should i open back up?  i thought they would've just come back in over the
HTTP channel, but apparently not.

on the same note... is that overkill?  (is there such a thing in net
security?  :)  do i/should i really be blocking all UDP ports?  i just
wanted to make sure the server would remain safe...

TIA.

	- will

--\/------------------------------------------------------------
    Developer/SysAdmin, OUTSOURCE Consulting Services, Inc.
    william at osource.com | www.osource.com
--/\------------------
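
The following is an added example, not part of either message in this thread: a small first-match packet-filter model showing why dropping all inbound UDP breaks name resolution, and how a rule limited to replies from the resolver's port 53 restores it without opening UDP generally. The addresses, the open TCP port 80, and all names in the code are assumptions made for illustration.

```python
from dataclasses import dataclass

SERVER, RESOLVER = "192.0.2.10", "198.51.100.53"   # constructed documentation addresses

@dataclass(frozen=True)
class Packet:
    direction: str   # "in" or "out", relative to the server
    proto: str       # "udp" or "tcp"
    src_ip: str
    src_port: int
    dst_port: int

@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "drop"
    direction: str
    proto: str
    src_ip: str = "*"
    src_port: tuple = (0, 65535)   # inclusive range
    dst_port: tuple = (0, 65535)

    def matches(self, p: Packet) -> bool:
        return (self.direction == p.direction and self.proto == p.proto
                and self.src_ip in ("*", p.src_ip)
                and self.src_port[0] <= p.src_port <= self.src_port[1]
                and self.dst_port[0] <= p.dst_port <= self.dst_port[1])

def evaluate(rules, pkt, default="drop"):
    """First matching rule wins; anything unmatched gets the default action."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default

# Roughly the setup in the question: one TCP port open (port 80 is an assumption),
# outbound traffic allowed, every inbound UDP packet dropped.
BLOCK_ALL_UDP = [
    Rule("allow", "in", "tcp", dst_port=(80, 80)),
    Rule("allow", "out", "udp"),
    Rule("allow", "out", "tcp"),
    Rule("drop", "in", "udp"),
]
# Narrow exception placed first: UDP from the resolver's port 53 to a high port only.
DNS_REPLY = Rule("allow", "in", "udp", src_ip=RESOLVER,
                 src_port=(53, 53), dst_port=(1024, 65535))
WITH_DNS = [DNS_REPLY] + BLOCK_ALL_UDP

query = Packet("out", "udp", SERVER, 40000, 53)             # lookup leaves the server
reply = Packet("in", "udp", RESOLVER, 53, 40000)            # answer comes back over UDP
other_host = Packet("in", "udp", "203.0.113.7", 53, 40000)  # port 53, but not the resolver
low_port = Packet("in", "udp", RESOLVER, 53, 161)           # resolver address, service port
```

A stateful firewall gets the same result by matching each reply to the outbound query that caused it, which is tighter than a source-port rule.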
