NTBugtraq And NTSecurity Archives: Re: DNS and TCP/IP security


Subject: Re: DNS and TCP/IP security
From: Bronek Kozicki (bronekWPI.COM.PL)
Date: Wed Dec 15 1999 - 05:04:19 CST


> -----Original Message-----
> From: Windows NTBugtraq Mailing List
> [mailto:NTBUGTRAQLISTSERV.NTBUGTRAQ.COM]On Behalf Of cbrenton
> Sent: Wednesday, December 15, 1999 4:24 AM
[cut]
> So what do you do?
> 1) Create an entry for every port from 1024-10000
> 2) Install RRAS and use its filtering instead

3) Install a DNS server locally. Configure this local DNS as "forwarding only"
to the other (real) DNS. Configure your client software to use the local DNS
server only. Your local DNS will forward queries to the real DNS, and receive
responses on UDP (or TCP) port 53 - the one you left uncovered. Of course, for
this to work you need to have a DNS server. If your local computer is WinNT
Srv it's not a problem, but I do not know if BIND can be used in case you
have WinNT Wrkst. Does anyone know?

Regards

Bronek Kozicki
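
The forwarding-only setup suggested in this message, sketched as a BIND `named.conf` fragment; this is an added example, not part of the original post. It assumes a host where BIND is available and a BIND release that accepts a fixed port in `query-source`, and 192.0.2.53 is a placeholder for the real DNS server.

```conf
// named.conf sketch for a local forwarding-only resolver (constructed example).
// 192.0.2.53 is a placeholder address for the "real" DNS server.
options {
    // Answer only the local machine's own client software.
    allow-query { 127.0.0.1; };
    recursion yes;

    // Never resolve iteratively; hand every query to the real DNS.
    forward only;
    forwarders { 192.0.2.53; };

    // Send outgoing UDP queries from port 53 so the replies come back
    // to port 53, the port the filter leaves open.
    // Applies to UDP only; queries sent over TCP leave from an
    // unprivileged port.
    // A fixed source port gives up source-port randomization, which
    // later became a standard defence against cache poisoning.
    query-source address * port 53;
};
```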



This archive was generated by hypermail 2b27 : Wed Dec 15 1999 - 07:46:07 CST