Great Circle Associates Firewalls
(March 1993)
 


Subject: Re: DNS Client Ports
From: Amos Shapira <amoss @ cs . huji . ac . il>
Date: Sun, 14 Mar 1993 09:14:50 +0200
To: firewalls @ GreatCircle . COM
In-reply-to: Your message of Sat, 13 Mar 93 21:22:38 EST . <9303140222 . AA28805 @ TIS . COM>

In message <9303140222 . AA28805 @ TIS . COM> you write:
|>Should I allow "random" client ports through?  What are the security
|>implications?
|
|	One implication is that anyone with a tunnelling driver can
|run IP tunnelled through your firewall using NS packets as the
|transport layer.
|
|	Yes, I have code that does this. ;)
|
|mjr.

You mean that it could be used to transfer data you don't want to be transferred
to/from your site, right?  If I don't hold secrets at my site and just want to
prevent unauthorised access from outside then I shouldn't be concerned with
it (at least not too much), right?

(Just this Friday we had to erect a firewall due to a break-in in another uni
and I found that I had to let port 53 through from anywhere to anywhere, at
least for now).

Cheers,

--Amos Shapira

CS System Group, Hebrew University, Jerusalem, Israel
amoss @ cs . huji . ac . il


