Re: Interesting DNS Traffic -Reply
Ge' Weijers (ge at progressive-systems.com)
Thu, 3 Jun 1999 11:15:11 -0400
- Next message: Russ: "RE: Firewall comparison in Data Communications"
- Previous message: 0x1c: "Re: Gauntlet firewalls & BSDI"
- In reply to: Kevin T. Shivers: "Re: Gauntlet firewalls & BSDI"
On Wed, Jun 02, 1999 at 03:43:54PM +0100, Einar EINARSSON wrote:
> I thought DNS lookup 'was supposed' to use a random
> source port above 1023. So why are some implementations
> using a source port below 1023 and some above 1023?
There's no requirement written anywhere that you have to use port
number > 1023 for temporary ports. It's a convention that originated
on BSD Unix systems, where ports <= 1023 are reserved for privileged
(root) processes. An IP implementation that does not use this
convention is perfectly within its rights to do so.
Relying on this convention for your security is questionable anyway.
You usually end up assuming that no internal machine runs any service
on a high port. The users of trojan horses like BackOrifice will thank
you :-(
In short: use passive FTP, and proxy DNS.
Ge'
--
Ge' Weijers                  Voice: (614)326 4600
Progressive Systems, Inc.    FAX:   (614)326 4601
2000 West Henderson Rd. Suite 400, Columbus OH 43220
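The two failure modes Ge' describes, as an added illustration that is not part of the original message or thread: a packet filter that admits "source port 53 to any port above 1023" both drops legitimate replies to a resolver that picked a low ephemeral port and passes unsolicited datagrams aimed at whatever happens to listen on a high internal port, while a filter that remembers the outbound query admits only the matching reply. All addresses, ports and the two filter classes are constructed for the example.

```python
"""Constructed comparison: port-convention rule vs. query-tracking DNS filter."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


def convention_rule(pkt: Packet) -> bool:
    """Weak rule: admit UDP from source port 53 to any destination port > 1023."""
    return pkt.sport == 53 and pkt.dport > 1023


class StatefulDnsFilter:
    """Admit an inbound datagram only if it answers a query this filter saw leave."""

    def __init__(self) -> None:
        self.pending = set()  # (client, client_port, server, server_port)

    def outbound(self, pkt: Packet) -> None:
        self.pending.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))

    def inbound(self, pkt: Packet) -> bool:
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)  # reply reverses the tuple
        if key in self.pending:
            self.pending.discard(key)  # one reply per query
            return True
        return False


RESOLVER = "192.0.2.53"  # constructed, RFC 5737 documentation range
QUERY_HIGH = Packet("10.0.0.5", 2345, RESOLVER, 53)       # BSD-style ephemeral port
REPLY_HIGH = Packet(RESOLVER, 53, "10.0.0.5", 2345)
QUERY_LOW = Packet("10.0.0.5", 1000, RESOLVER, 53)        # stack that uses ports <= 1023
REPLY_LOW = Packet(RESOLVER, 53, "10.0.0.5", 1000)
UNSOLICITED = Packet("198.51.100.9", 53, "10.0.0.7", 5000)  # no query; some high-port listener


def evaluate() -> dict:
    """Return {case: (convention_rule_verdict, stateful_verdict)} for the sample traffic."""
    sf = StatefulDnsFilter()
    sf.outbound(QUERY_HIGH)
    sf.outbound(QUERY_LOW)
    return {
        "reply_high": (convention_rule(REPLY_HIGH), sf.inbound(REPLY_HIGH)),
        "reply_low": (convention_rule(REPLY_LOW), sf.inbound(REPLY_LOW)),
        "unsolicited": (convention_rule(UNSOLICITED), sf.inbound(UNSOLICITED)),
    }


if __name__ == "__main__":
    for case, (by_port, by_state) in evaluate().items():
        print(f"{case:12} port-rule={'pass' if by_port else 'drop'} "
              f"stateful={'pass' if by_state else 'drop'}")
```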
This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:18:59 CDT