I would be cautious; there are tunneling programs that work because they use
the assumption that some ports like 53 are often left open. What you
should have is the filters set to only allow one server out, on which you
run a DNS caching server. All sites inside go to that server for name
resolution. That way, others can't tunnel through that hole.
On Thursday, January 06, 2000 11:04 AM, Vanja Hrustic
[SMTP:[EMAIL PROTECTED]] wrote:
> I've heard various comments on this, so I want to double-check it.
>
> Is it ok if only UDP/53 is left open, to serve DNS requests? As much as
> I have understood, I can safely close TCP/53. The server in question is
> a 'small' one (meaning: not so many requests per day, and only requests
> for www/dns/mail will probably come there anyway).
>
> I have been looking at the traffic for the past 24 hours, and as much as I
> can see, everything works fine (some requests come first to TCP/53, but
> they are resent after a few secs to UDP/53). However, I might break
> something without knowing it :)
>
> Any advice?
>
> Thanks in advance.
>
> Vanja
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
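The single-resolver egress policy described in the reply, as an added example that is not part of the original thread: it assumes a constructed LAN 192.0.2.0/24 with the caching resolver at 192.0.2.53 and a simplified "proto src:sport > dst:dport" log format, and flags any other internal host that tries to reach external port 53 directly (the hole a tunneling program would use).

```python
"""Egress DNS audit: only the internal caching resolver may talk to
external port 53 (UDP and TCP). Addresses and log format are constructed."""
import ipaddress
from collections import Counter

INTERNAL_NET = ipaddress.ip_network("192.0.2.0/24")  # constructed example LAN
RESOLVER = ipaddress.ip_address("192.0.2.53")        # the one server allowed out

# Constructed firewall log lines: "proto src:sport > dst:dport".
SAMPLE_LOG = """\
udp 192.0.2.53:40123 > 198.51.100.1:53
tcp 192.0.2.53:40124 > 198.51.100.1:53
udp 192.0.2.77:5353 > 198.51.100.1:53
udp 192.0.2.77:5354 > 198.51.100.1:53
udp 192.0.2.77:5355 > 198.51.100.1:53
tcp 192.0.2.10:44001 > 198.51.100.1:80
udp 192.0.2.20:1025 > 192.0.2.53:53
"""

def parse_line(line):
    """Split one log line into (proto, src_ip, sport, dst_ip, dport)."""
    proto, rest = line.split(" ", 1)
    src, dst = rest.split(" > ")
    sip, sport = src.rsplit(":", 1)
    dip, dport = dst.rsplit(":", 1)
    return proto, ipaddress.ip_address(sip), int(sport), ipaddress.ip_address(dip), int(dport)

def decide(line):
    """Return 'allow' or 'deny' for one flow under the single-resolver policy."""
    proto, sip, _sport, dip, dport = parse_line(line)
    if dport != 53 or proto not in ("udp", "tcp"):
        return "allow"      # not DNS; other filter rules decide
    if dip in INTERNAL_NET:
        return "allow"      # internal client -> internal caching server
    if sip == RESOLVER:
        return "allow"      # resolver -> Internet; TCP kept for truncated answers
    return "deny"           # any other host going direct: tunnel candidate

def audit(log_text):
    """Count denied DNS flows per internal source address (hosts bypassing the resolver)."""
    denied = Counter()
    for line in log_text.splitlines():
        if decide(line) == "deny":
            denied[str(parse_line(line)[1])] += 1
    return denied

if __name__ == "__main__":
    for host, n in audit(SAMPLE_LOG).items():
        print(f"{host}: {n} direct external DNS attempts blocked")
```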