DNS ports and scans

From: Jason Lewis (jlewisat_private)
Date: Sat May 05 2001 - 09:36:05 PDT


    DNS queries are on UDP port 53.  TCP port 53 is used for zone transfers.  By
    blocking TCP port 53 I can't do zone transfers, but clients can still do
    lookups on UDP 53.  Since I have blocked TCP port 53, I have seen a decrease
    in attack attempts on my name servers, primarily because that port isn't
    open.  I do still see scans for the DNS ports, but nothing more than a port
    scan.
    
    My question is...Can anyone come up with any pros/cons of doing this?
    
    My name servers are successfully serving my domains, so I don't see a
    downside.  Thoughts?
    
    Jason Lewis
    http://www.rivalpath.com
    "All you can do is manage the risks. There is no security."
    
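As an added example (not part of the original post), this Python script makes the tradeoff above measurable: it sends a query on UDP 53, checks the TC (truncated) bit that tells a client to retry over TCP 53, and performs that TCP retry, which is the exchange that fails when TCP 53 is filtered. The server address, name and query type are arguments the reader supplies; the truncated header at the top is a constructed sample used only for the offline check.

```python
import socket
import struct

# Constructed sample (not a capture): a DNS header with QR, RD, RA and TC set
# (flags 0x8380), one question, no answers. Used only for the offline check.
SAMPLE_TRUNCATED_HEADER = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0)

def build_query(name, qtype=1, txid=0x1234):
    """Minimal recursive query (flags 0x0100 = RD) for `name`, class IN."""
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".")]
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

def is_truncated(response):
    """True when the TC bit (0x0200 in the flags word) is set: the answer did not
    fit in the UDP datagram and the server expects a retry over TCP 53."""
    if len(response) < 12:
        raise ValueError("short DNS message")
    return bool(struct.unpack("!H", response[2:4])[0] & 0x0200)

def udp_query(server, name, qtype=1, timeout=3.0):
    """One query to `server` on UDP 53; returns the raw response."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qtype), (server, 53))
        return s.recvfrom(4096)[0]

def tcp_query(server, name, qtype=1, timeout=3.0):
    """Retry over TCP 53 with the 2-byte length prefix (RFC 1035 s4.2.2). A refused
    or timed-out connection here is what clients see when TCP 53 is filtered."""
    q = build_query(name, qtype)
    with socket.create_connection((server, 53), timeout=timeout) as s:
        s.sendall(struct.pack("!H", len(q)) + q)
        buf = b""
        while len(buf) < 2 or len(buf) < 2 + struct.unpack("!H", buf[:2])[0]:
            chunk = s.recv(4096)
            if not chunk:
                raise ConnectionError("TCP 53 closed before the full answer")
            buf += chunk
    return buf[2:]

if __name__ == "__main__":
    import sys  # usage: script.py <server-ip> <name> [qtype]
    srv, nm = sys.argv[1], sys.argv[2]
    qt = int(sys.argv[3]) if len(sys.argv) > 3 else 1
    if is_truncated(udp_query(srv, nm, qt)):
        print("UDP answer truncated; TCP retry returned %d bytes" % len(tcp_query(srv, nm, qt)))
    else:
        print("UDP answer complete; TCP 53 not needed for this name")
```

Running it against a name server with TCP 53 filtered shows the practical downside of the configuration: any answer that sets TC will never be completed by the client.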
    This archive was generated by hypermail 2b30 : Sat May 05 2001 - 13:01:07 PDT