Mailinglist Archive: opensuse-security (555 mails)
Re: [suse-security] weird request from port 53 to 2049
- From: Jörg Schütter <joerg.schuetter@xxxxxx>
- Date: Thu, 24 May 2001 12:41:37 +0200
- Message-id: <20010524124137.E1592@xxxxxxxxxxxxxxx>
On 2001.05.24 12:25:32 +0200 'Togan Muftuoglu' wrote:
> * Philipp Snizek <mailinglists@xxxxxxxxx> [010524 12:55]:
> >
> > only block 53/tcp.
>
> This is what I have now (I am using a DNS caching server only, maybe I
> am doing this wrong):
>
> ipchains -A input -p tcp -s $REMOTENET -d $OUTERNET 53 -j ACCEPT
> ipchains -A input -p udp -s $REMOTENET -d $OUTERNET 53 -j ACCEPT
>
Since you are not an ISP, you don't need the tcp protocol for dns
> and you are suggesting
>
> ipchains -A input -p tcp -s $REMOTENET -d $OUTERNET 53 -j REJECT
>
> >
> > open 1024:5000 for client requests and receiving answers. These are usually
> > the most used ports for communication from client to servers to client if
> > you use masquerading on your linux box. Since you've got a dial up "router"
> > you do use masquerading.
>
> This part I did not get the picture. I have an ADSL connection (so it's
> pppoe). Is this what you mean?
>
> ipchains -A input -p tcp -s $REMOTENET -d $OUTERNET 1024:5000 -j ACCEPT
> ipchains -A input -p udp -s $REMOTENET -d $OUTERNET 1024:5000 -j ACCEPT
Also no tcp needed.
You should make sure that all packets have no syn-bit set.
ipchains -A input -p udp -s $REMOTENET -d $OUTERNET 1024:5000 ! -y -j ACCEPT
Regards
Jörg
--
www.lug-untermain.de -
Dipl.-Ing. Jörg Schütter
joerg.schuetter@xxxxxx
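The rules discussed in this thread are first-match, stateless ipchains rules: the chain is walked top to bottom, and the `! -y` test admits a packet into the 1024:5000 range only when its SYN flag is clear, so replies to connections the box opened get in while new inbound connection attempts fall through to the chain's default policy. The following is an added example, not code from the thread; it does not invoke ipchains but models that decision logic so the effect of each rule on a sample packet can be checked offline. The values for `$REMOTENET`, `$OUTERNET` and the input chain's default policy are assumptions, and because only TCP carries a SYN flag the `! -y` test is attached to a TCP rule here (ipchains itself only accepts `-y` together with `-p tcp`).

```python
"""Toy first-match evaluator for ipchains-style input rules (constructed example)."""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Tuple

# Assumed values for the thread's shell variables (constructed, not from the page).
REMOTENET = ip_network("0.0.0.0/0")       # "anywhere"
OUTERNET = ip_network("192.0.2.10/32")    # the box's external (pppoe) address
DEFAULT_POLICY = "DENY"                   # assumed policy of the input chain


@dataclass(frozen=True)
class Packet:
    proto: str           # "tcp" or "udp"
    src: str
    dst: str
    dport: int
    syn: bool = False    # TCP SYN flag; has no meaning for UDP


@dataclass(frozen=True)
class Rule:
    proto: str
    src: IPv4Network
    dst: IPv4Network
    dports: Tuple[int, int]   # inclusive destination port range, e.g. (1024, 5000)
    target: str               # ACCEPT, REJECT or DENY
    not_syn: bool = False     # models ipchains "! -y": match only non-SYN packets

    def __post_init__(self) -> None:
        # ipchains refuses -y on anything but tcp; mirror that so bad rules fail early.
        if self.not_syn and self.proto != "tcp":
            raise ValueError("SYN flag test (-y) is only valid with -p tcp")

    def matches(self, pkt: Packet) -> bool:
        if pkt.proto != self.proto:
            return False
        if ip_address(pkt.src) not in self.src or ip_address(pkt.dst) not in self.dst:
            return False
        lo, hi = self.dports
        if not lo <= pkt.dport <= hi:
            return False
        if self.not_syn and pkt.syn:
            return False
        return True


def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """Walk the chain top to bottom; the first matching rule decides the packet's fate."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.target
    return DEFAULT_POLICY


# The thread's rules, in order. The "! -y" test sits on a tcp rule (see lead-in).
INPUT_CHAIN = [
    Rule("udp", REMOTENET, OUTERNET, (53, 53), "ACCEPT"),
    Rule("tcp", REMOTENET, OUTERNET, (53, 53), "REJECT"),
    Rule("udp", REMOTENET, OUTERNET, (1024, 5000), "ACCEPT"),
    Rule("tcp", REMOTENET, OUTERNET, (1024, 5000), "ACCEPT", not_syn=True),
]

# Constructed sample traffic arriving at the external interface.
SAMPLES = [
    Packet("udp", "198.51.100.7", "192.0.2.10", 53),                 # DNS query -> ACCEPT
    Packet("tcp", "198.51.100.7", "192.0.2.10", 53, syn=True),       # DNS over tcp -> REJECT
    Packet("udp", "198.51.100.7", "192.0.2.10", 3000),               # udp reply -> ACCEPT
    Packet("tcp", "198.51.100.7", "192.0.2.10", 3000, syn=False),    # tcp reply -> ACCEPT
    Packet("tcp", "198.51.100.7", "192.0.2.10", 3000, syn=True),     # new tcp connection -> DENY
    Packet("tcp", "198.51.100.7", "192.0.2.10", 6000, syn=False),    # outside the range -> DENY
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(f"{pkt.proto} {pkt.src} -> {pkt.dst}:{pkt.dport} syn={pkt.syn}: "
              f"{evaluate(INPUT_CHAIN, pkt)}")
```

The SYN test is the only state a rule like this can see: it cannot tell a genuine reply from any other packet whose SYN bit is clear, which is why later packet filters track connections instead of relying on flag checks alone.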