RE: Securing DNS Server

2002-11-05 Thread Daniel Miessler
> But it turned out that when our DNS Server has to query a root name
> server, it sends out a UDP query with a random higher (>1023) source
> port number, which means that I will have to open >1023 Ports access to
> this server from outside.

You don't have to open ports on your firewall that corr

RE: TCP DNS requests

2002-10-31 Thread Daniel Miessler
Zone Transfers use TCP instead of UDP on port 53. That is most likely what you are seeing.

--Daniel

> We are reporting TCP based DNS requests to one of our DNS servers coming
> from internal, client IP addresses. My manager would like to block the TCP
> packets. What or why would there be rand

RE: NetBIOS Messenger spam - how did it get in?

2002-10-30 Thread Daniel Miessler
Hmm. I am wondering where the attacker is going to put this route that you mention so that it routes right past your NAT.

> It can not be stressed enough that NAT alone is _no protection at
> all_, there must be some filtering or you are running wide open
> looking for trouble.
>
> By adding a r

RE: DNS Firewall setup Config

2002-10-08 Thread Daniel Miessler
First of all, many will disagree with me here, but I don't think you should buy into the idea of your Microsoft firewalls being a part of your domain structure, even if you have only a one way trust. There shouldn't be ANY trusting or association between the machines in your DMZ (especially your

RE: Telnet/SSL v SSH

2002-09-24 Thread Daniel Miessler
> Can you elaborate more on SSL tunneling vs. SSH tunneling ?
> What are they used for and what can I do with them, and maybe
> point to some good resources ?

Friend, like 10 people have all given you the basics on the differences, and now you ask to be told what they are used for and what you ca

RE: RE: Telnet/SSL v SSH

2002-09-24 Thread Daniel Miessler
> Please check the thread sir. I asked the original question and was nicely surprised
> at the friendly and informative responses. Thanks to everyone who replied. The
> second request for information came as a response to my original post from a
> second party.

Well, then I stand corrected. I

RE: help learning to read tcpdumps and network captures

2002-09-21 Thread Daniel Miessler
I suggest TCP Illustrated, Volume 1, by Stevens. It is the standard for learning the protocols that you are looking at.

--danielrm26

> -Original Message-
> From: Teodorski, Chris [mailto:[EMAIL PROTECTED]]
> Sent: Friday, September 20, 2002 11:40 AM
> To: Security-Basics (E-mail)
> Subj

RE: Telnet/SSL v SSH

2002-09-20 Thread Daniel Miessler
> Can someone help me understand the difference between SSH and Telnet over
> SSL?

SSH is the 'secure shell', meaning that it was designed to do secure remote terminal type activities. Telnet over SSL is two things: 1. Telnet. Telnet is the old and insecure way of doing remote access to *nix

RE: Advanced Firewall Techniques

2002-07-25 Thread Daniel Miessler
> I've successfully set up a home LAN with NAT, OpenBSD firewall, and all
> the goodies. However, I'm wondering what the next step is. As far as
> system maintenance, I know that all OS's require constant patches, but I
> have no idea what that involves as far as OpenBSD goes, is there a
> program

RE: DMZ Design

2002-07-18 Thread Daniel Miessler
I recommend you check out this thread in the DSLR security forum: http://www.dslreports.com/forum/remark,3811047~root=security,1~mode=flat #3811047 If you have any questions after viewing that, let me know. In short though, I suggest not using public IP's for your DMZ and/or Intranet. If you a

RE: Freeware security products in the enterprise.

2002-07-15 Thread Daniel Miessler
> How many of you would be happy to use these and other
> freeware security products in the enterprise. This would even be after
> you have fully tested them to YOUR satisfaction.
> I would be very interested in all your feedback, thanks.

Remember that these distros usually do nothing more than