On 21/03/2012 09:41, Matus UHLAR - fantomas wrote:
maybe the admin set that up to force local servers using random ports,
instead of 53, for outgoing requests. Nobody should use port 53 for
_outgoing_ requests.

On 21.03.12 23:41, Anand Buddhdev wrote:
You're wrong. A name server can use any source port from 1 up to 65535
for an outgoing query, as long as that port is not in use by any other
process on the system.

well, it _can_, but because ports < 1024 are understood as privileged, it should not use them.

In fact, up until Kaminsky's revelation, many BIND servers used a fixed
source port of 53.

yes, but because of Kaminsky's revelation, servers should not use that port anymore.

While it's up to the admin of the resolving server, it's possible that the FW admin at Dubai airport had a reason to block ports>1024. Maybe they got an attack from enabled chargen or echo UDP services from somewhere. We do not know that. But we surely know that OP's nameservers use port 53, which they should not use...


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Send this email to 100 your friends - let them see what an idiot you are
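
Added example, not part of the original message or of BIND itself: a small audit that flags named.conf `query-source` statements pinning the outgoing query port, as with the fixed port 53 discussed in this thread. The sample configuration and the function name `find_fixed_query_ports` are constructed for illustration.

```python
import re

# Constructed sample named.conf fragment (not taken from the thread).
SAMPLE_CONF = """
options {
    directory "/var/named";
    // query-source address * port 53;   (commented out, must be ignored)
    query-source address * port 53;
    query-source-v6 address * port *;
};
"""

# named.conf accepts C, C++ and shell style comments; strip them before matching.
_COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)
_QUERY_SOURCE = re.compile(r"\b(query-source(?:-v6)?)\b([^;]*);")
_PORT = re.compile(r"\bport\s+(\*|\d+)")


def find_fixed_query_ports(conf_text):
    """Return (option, port, reason) for each query-source statement that pins a port."""
    findings = []
    text = _COMMENTS.sub("", conf_text)
    for option, body in _QUERY_SOURCE.findall(text):
        m = _PORT.search(body)
        if not m or m.group(1) == "*":
            continue  # no port or wildcard: the server chooses the source port
        port = int(m.group(1))
        reason = "fixed source port defeats source port randomization"
        if port < 1024:
            reason += "; privileged port (< 1024)"
        findings.append((option, port, reason))
    return findings


if __name__ == "__main__":
    for option, port, reason in find_fixed_query_ports(SAMPLE_CONF):
        print(f"{option}: port {port}: {reason}")
```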
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users