Firewalls: Re: DNS Client Ports

Firewalls
(March 1993)

Indexed By Thread: [Previous] [Next]

Subject:	Re: DNS Client Ports
From:	Marcus J Ranum <mjr @ TIS . COM>
Date:	Sat, 13 Mar 93 21:22:38 EST
To:	FireWalls @ GreatCircle . COM, mischler @ cubic . com

>Should I allow "random" client ports through?  What are the security
>implications?

	One implication is that anyone with a tunnelling driver can
run IP tunnelled through your firewall using NS packets as the
transport layer.

	Yes, I have code that does this. ;)

mjr.

Follow-Ups:

Re: DNS Client Ports
From: Amos Shapira <amoss @ cs . huji . ac . il>
Re: DNS Client Ports
From: lars @ spectrum . CMC . COM (Lars Poulsen)

Indexed By Date	Previous:	DNS Client Ports From: Dave Mischler <mischler @ cubic . com>
Indexed By Date	Next:	Re: DNS Client Ports From: lars @ spectrum . CMC . COM (Lars Poulsen)
Indexed By Thread	Previous:	DNS Client Ports From: Dave Mischler <mischler @ cubic . com>
Indexed By Thread	Next:	Re: DNS Client Ports From: lars @ spectrum . CMC . COM (Lars Poulsen)