Re: Re: Strange ports

From: Thor (Hammer of God) (thor@hammerofgod.com)
Date: Fri Jun 22 2007 - 17:50:12 EDT


If you use Exchange (well, specifically, if Exchange is doing the DNS
lookup) then you do need TCP 53 as Exchange SMTP (or IIS SMTP) uses TCP by
default for DNS queries. This is actually a good thing, as it is easier to
build an outbound only TCP 53 rule that will only allow established
connections returned as opposed to any UDP packet with the destination port
set at 53 (what would be or look like return queries). If one is providing
DNS server resources, then the published server should have appropriate DNS
application level filtering (as ISA does) in order to ensure that actual DNS
traffic is published, and not just anything that happens to use 53.

t

----- Original Message -----
From: <brian.marino@onenterprises.com>
To: <pen-test@securityfocus.com>
Sent: Friday, June 22, 2007 4:41 AM
Subject: Re: Re: Strange ports

I would agree that port 53 UDP needs to be open. Port 53 TCP does not
unless you are doing large DNS zone transfers.

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:53 EDT