In some mail from Dr. Frederick B. Cohen, they said:
>
> I just added UDP port scanning to the SATAN portion of our
> testing service, and now find that a hole (not whole) new world is
> showing up on the scans.
>
> Does anyone know if there is a version of syslog that does not
> run over UDP? Does anyone have a utility (similar to telnet?) that will
> let me create UDP packets from shell scripts so I can test UDP attacks
> from shell scripts? Is there a UDP wrapper of some sort that could be
> judiciously applied (realizing of course that source information in UDP
> packets is truly trivial to forge) by people wanting to close down UDP
> attacks?
Try running syslogd() as a non-root user so it can't bind to the port it
wants. Check the firewalls digests for more info on syslogd and options
available (this has been discussed in more detail in the past).
Someone was worried about port 53? You don't need to set up a special
relay for this. BIND 4.9.3-beta17 will bind to all port 53s it can so
that on a dual-homed host, if you have IP forwarding turned off, you can
send a query to the internal interface and it should be able to answer
with the query it gets on the other side. Someone might like to try this
out and let us know how it goes, but I believe it should work.
darren
p.s. if you're wondering what "all port 53s" means, it means it will bind
to 127.0.0.1.53, 0.0.0.0.53, le.0.ip.#.53 and le.1.ip.#.53 (for example
on a Sparc with two ethernet cards).
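The suggestion above to run syslogd as a non-root user works because a privileged port such as UDP/514 cannot be bound by an unprivileged process on a traditional Unix, so the daemon simply never listens for remote datagrams. The following is an added example, not code from the original thread, that probes UDP bind behaviour and reports the outcome; the port numbers used are constructed for the demonstration, and the privileged-port result depends on the privileges of the process running it (root, or on Linux a process holding CAP_NET_BIND_SERVICE or a lowered ip_unprivileged_port_start, will succeed).

```python
import errno
import socket

# Added example (not from the original message): probe whether this
# process can bind a UDP port, illustrating why an unprivileged syslogd
# cannot listen on UDP/514.  Port numbers below are constructed.


def try_bind_udp(port, addr="127.0.0.1"):
    """Try to bind a UDP socket to addr:port.

    Returns (status, sock) where status is one of 'bound',
    'permission-denied', 'in-use' or 'error'.  The caller owns the
    returned socket, which is None unless status == 'bound'.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        s.bind((addr, port))
        return "bound", s
    except OSError as e:
        s.close()
        if e.errno in (errno.EACCES, errno.EPERM):
            # Privileged port and we are not allowed to take it.
            return "permission-denied", None
        if e.errno == errno.EADDRINUSE:
            # Some other socket already owns this address:port.
            return "in-use", None
        return "error", None


def bound_port(sock):
    """Port number the kernel actually assigned to a bound socket."""
    return sock.getsockname()[1]


def demo():
    # Ephemeral port (0): always permitted, shows the normal case.
    status, s = try_bind_udp(0)
    port = bound_port(s)
    # A second bind to the same address:port without SO_REUSEADDR collides.
    status2, _ = try_bind_udp(port)
    s.close()
    # The syslog port: 'permission-denied' for an ordinary user on a
    # traditional Unix, 'bound' when the process is privileged.
    status3, s3 = try_bind_udp(514)
    if s3 is not None:
        s3.close()
    return status, status2, status3


if __name__ == "__main__":
    print(demo())
```

Running it as an ordinary user prints `('bound', 'in-use', 'permission-denied')`, which is exactly the property the non-root syslogd suggestion relies on; run as root the last element becomes `'bound'`.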