>>>>> "Ken" == Ken Jones <kenj@group1.com> writes:
Ken> My understanding is letting in udp packets on ports >1023 is
Ken> generally safe, as the only listeners on those ports are
Ken> clients such as archie waiting for a specific response.
Ken> You also (if you are running unix) need to check /etc/services
Ken> to verify there isn't anything configured to listen to ports
Ken> above 1023 by default.
Beware! This is not accurate. Most interesting RPC servers bind to UDP
ports in the dynamic range. Here's a sample listing from a Sun
(rpcinfo):
100011 1 udp 1042 rquotad
100001 2 udp 1043 rstatd
100001 3 udp 1043 rstatd
100001 4 udp 1043 rstatd
100002 1 udp 1044 rusersd
100002 2 udp 1044 rusersd
100012 1 udp 1045 sprayd
100008 1 udp 1046 walld
100003 2 udp 2049 nfs
100021 1 udp 1035 nlockmgr
All kinds of good stuff in the dynamic range. It is safest to block
all UDP, letting in only a few select ports (DNS, NTP).
-Rens
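To make the point concrete, here is an added audit script (not part of the original post) that parses an rpcinfo listing and reports which RPC services would be reachable under the two filter policies discussed above: the "let in UDP > 1023" rule from Ken's message versus Rens's "block all UDP except a few select ports". The sample input is the Sun listing from the post; the policy functions and the DNS/NTP allow-list are assumptions made for the example.

```python
"""Audit an `rpcinfo -p` listing against an inbound UDP filter policy.

Added example: given the RPC registrations on a host, show which service
ports an edge filter would admit under each candidate rule.
"""
from dataclasses import dataclass

# The Sun rpcinfo listing quoted in the post, embedded so this runs offline.
RPCINFO_SAMPLE = """\
100011 1 udp 1042 rquotad
100001 2 udp 1043 rstatd
100001 3 udp 1043 rstatd
100001 4 udp 1043 rstatd
100002 1 udp 1044 rusersd
100002 2 udp 1044 rusersd
100012 1 udp 1045 sprayd
100008 1 udp 1046 walld
100003 2 udp 2049 nfs
100021 1 udp 1035 nlockmgr
"""


@dataclass(frozen=True)
class RpcReg:
    program: int
    version: int
    proto: str
    port: int
    name: str


def parse_rpcinfo(text):
    """Parse `rpcinfo -p` style lines: program vers proto port [service]."""
    regs = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # blank line or truncated row
        try:
            program, version, port = int(fields[0]), int(fields[1]), int(fields[3])
        except ValueError:
            continue  # the "program vers proto port service" header line
        name = fields[4] if len(fields) > 4 else ""
        regs.append(RpcReg(program, version, fields[2].lower(), port, name))
    return regs


def exposed_udp_services(regs, allowed):
    """Return the sorted, de-duplicated (port, name) pairs for UDP registrations
    that the filter predicate `allowed(port)` would admit from outside."""
    return sorted({(r.port, r.name) for r in regs if r.proto == "udp" and allowed(r.port)})


# Policy A (assumed encoding of Ken's suggestion): admit any UDP to a port > 1023.
def allow_high_ports(port):
    return port > 1023


# Policy B (assumed encoding of Rens's advice): block UDP except a few select ports.
SELECT_PORTS = frozenset({53, 123})  # DNS, NTP


def allow_select_ports(port):
    return port in SELECT_PORTS


if __name__ == "__main__":
    regs = parse_rpcinfo(RPCINFO_SAMPLE)
    policies = (("allow UDP >1023", allow_high_ports),
                ("allow DNS/NTP only", allow_select_ports))
    for label, policy in policies:
        exposed = exposed_udp_services(regs, policy)
        print(f"{label}: {len(exposed)} RPC service port(s) reachable")
        for port, name in exposed:
            print(f"  udp/{port} {name}")
```

Run against the post's listing, the ">1023" rule admits seven distinct RPC service ports (nlockmgr, rquotad, rstatd, rusersd, sprayd, walld and nfs), while the DNS/NTP allow-list admits none of them. On a real host, feed it the output of `rpcinfo -p` for that machine; registrations move between reboots, so the check is worth repeating rather than relying on a one-time snapshot.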