From: Dan Lukes (danobluda.cz)
Date: Mon Apr 22 2002 - 19:23:41 CDT


    Len Conrad wrote:

    > On egress, bind will query via udp/tcp on port > 1023.

    ... unless your named.conf says something else.

    Because you must already have local port 53 open for INcoming questions
    and for OUTgoing replies, you may decide to select port 53 as the source
    for your own OUTgoing questions (e.g. INcoming replies) as well -> simple
    firewall configuration; no need for (random) ports >1023 -> no need
    for "keep-state" (possible subject of DoS) rules.

                                            Dan

    -- 
    Dan Lukes,  SISAL, MFF UK  tel: +420 2 21914205, fax: +420 2 21914206
    AKA: danobluda.cz, danfreebsd.cz, dankolej.mff.cuni.cz, danfio.cz
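
The setup described in the message above, as an added example that is not part of the original post: the `named.conf` option that pins the query source port, with the stateless ipfw rules it makes sufficient shown as comments. The rule numbers and the use of ipfw's `me` keyword are assumptions made for illustration.

```conf
// named.conf: send named's own outgoing UDP queries from port 53
// instead of an unprivileged port (>1023).
options {
    query-source address * port 53;
};

// In BIND 9 the port given here applies to UDP queries only;
// TCP queries still leave from a random unprivileged port.
//
// Trade-off: a fixed source port removes source-port randomness
// from outgoing queries, so only the 16-bit query ID distinguishes
// a genuine reply from a spoofed one.
//
// Stateless ipfw rules (FreeBSD) that then cover all four DNS flows
// without keep-state; rule numbers are constructed:
//
//   ipfw add 1000 allow udp from any to me 53 in
//     - INcoming questions from clients (any source port -> 53)
//     - INcoming replies to our own queries (53 -> 53)
//
//   ipfw add 1010 allow udp from me 53 to any out
//     - OUTgoing replies to clients (53 -> any port)
//     - OUTgoing questions to other servers (53 -> 53)
//
// With the default (random) source port, replies to our own queries
// would arrive on a port >1023 and need either a wide-open
// "udp from any 53 to me 1024-65535" rule or a keep-state rule.
```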
    
