On 6/7/19 8:44 PM, Mark Andrews wrote:
> Named drops those ports as they can be used in reflection attacks. Sane NAT developers avoid those ports for just that reason. The full list is below.
I understand the logic behind avoiding potentially problematic ports. But I don't understand the actual attack scenario. Is the attack against the BIND server? I.e. in an attempt to cause BIND to establish a never-ending loop of packets between itself and the purported address? Or is this an attempt to cause BIND to attack a spoofed source with said loop?
Nor do I understand why BIND couldn't differentiate between an actual query vs a reflected reply, daytime response, chargen, or time packet.
Will someone please explain what I'm failing to understand?

-- 
Grant. . . .
unix || die
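The two questions in the mail above (why a resolver avoids those source ports, and how it can tell a genuine reply from an echoed query or a chargen/daytime/time response) sketched as an added example. This is illustrative code, not BIND's dispatch code; the avoid set is assumed from the services the mail names, not Mark's full list, and the sample datagrams are constructed.

```python
import random
import struct

# Ports named in the thread as reflection/loop candidates (echo, daytime,
# chargen, time). Constructed for this example; not BIND's actual avoid list.
AVOID_UDP_PORTS = frozenset({7, 13, 19, 37})
EPHEMERAL_LOW, EPHEMERAL_HIGH = 1024, 65535

def pick_query_source_port(avoid=AVOID_UDP_PORTS, rng=random):
    """Random UDP source port for an outgoing query, never one on the avoid list."""
    while True:
        port = rng.randint(EPHEMERAL_LOW, EPHEMERAL_HIGH)
        if port not in avoid:
            return port

def encode_qname(name):
    """'example.com.' -> wire-format labels, no compression."""
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split(".")) + b"\x00"

def parse_qname(buf, off):
    """Decode an uncompressed name at buf[off:]; None if malformed."""
    labels = []
    while off < len(buf):
        n, off = buf[off], off + 1
        if n == 0:
            return ".".join(labels) + "."
        if n & 0xC0 or off + n > len(buf):   # compression pointer, or runs past the packet
            return None
        labels.append(buf[off:off + n].decode("ascii", "replace"))
        off += n
    return None

def build_dns_message(txid, flags, qname):
    """Header + one question (type A, class IN). Used only to construct sample traffic."""
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + encode_qname(qname) + b"\x00\x01\x00\x01"

def accept_response(outstanding, remote, datagram):
    """True only if datagram is a DNS reply to a query we actually sent.
    outstanding maps (remote_ip, remote_port, txid) -> qname we asked for;
    echoed queries (QR=0), chargen/daytime text and unknown IDs all fail."""
    if len(datagram) < 12:
        return False
    txid, flags, qdcount = struct.unpack("!HHH", datagram[:6])
    if not flags & 0x8000:                   # QR bit clear: this is not a response
        return False
    expected = outstanding.get((remote[0], remote[1], txid))
    if expected is None or qdcount != 1:
        return False
    return parse_qname(datagram, 12) == expected
```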