From owner-freebsd-security Mon Jun 12 18:42:49 2000
Delivered-To: freebsd-security@freebsd.org
Message-ID: <20000613014237.10942.qmail@web210.mail.yahoo.com>
Date: Mon, 12 Jun 2000 18:42:37 -0700 (PDT)
From: Hugh Ho
Subject: IPFW rules for DNS?
To: freebsd-security@freebsd.org

I need to do nslookup quite often, and I have the following IPFW rules which allow nslookup to talk to my ISP's DNS server:

    allow udp from ${my_ip} to ${dns_server} 53
    allow udp from ${dns_server} 53 to ${my_ip}

The problem with the above rules is that people can pass IPFW if they use UDP port 53 with a spoofed IP that matches my ISP's DNS server.

Is there a way to fix my problem?

Thanks.

-Hugh
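The weakness in the two static rules above is that the inbound one accepts any UDP datagram whose source claims to be the resolver on port 53, whether or not the host ever sent a query. The usual fix is to make the inbound direction depend on state created by the outbound query. The script below is an added example written for this archive page, not part of Hugh's post; it assumes an ipfw with keep-state/check-state support, an external interface named fxp0, and the constructed addresses 192.0.2.10 (the host) and 198.51.100.53 (the ISP resolver). The IPFW variable defaults to echo so the rules can be reviewed offline before pointing it at /sbin/ipfw.

```shell
#!/bin/sh
# Added example: stateful ipfw rules for outbound DNS lookups.
# Not taken from the original post. Assumes ipfw supports keep-state
# and check-state. Set IPFW=/sbin/ipfw to install the rules for real;
# by default the commands are only printed.

IPFW="${IPFW:-echo}"

# Emit the rule set for one host and one resolver.
# Arguments: my_ip dns_server ext_if (all values are caller-supplied)
dns_rules() {
    my_ip="$1"; dns_server="$2"; ext_if="$3"

    # 1. Consult the dynamic rule table first. A reply that matches a
    #    query this host already sent (same addresses and ports, reversed)
    #    is accepted here and goes no further down the list.
    $IPFW add 1000 check-state

    # 2. An outgoing query to the resolver creates the dynamic rule that
    #    step 1 matches against. Only the reply to that specific query,
    #    from that source port, gets back in.
    $IPFW add 1010 allow udp from "$my_ip" to "$dns_server" 53 out via "$ext_if" keep-state

    # 3. Anything else claiming to be the resolver on UDP/53 is, by
    #    definition, a reply nobody asked for. Drop it and log it, so a
    #    spoofed-source packet shows up in the firewall log instead of
    #    being passed by a broad static allow rule.
    $IPFW add 1020 deny log udp from "$dns_server" 53 to "$my_ip" in via "$ext_if"
}

# Constructed sample values; replace with the real host, resolver and interface.
dns_rules 192.0.2.10 198.51.100.53 fxp0
```

Two caveats worth keeping in mind. The dynamic rule only compares addresses and ports, so it does not authenticate the DNS answer itself; what it removes is the standing hole in which any packet with the resolver's address and port 53 is accepted at any time. Dynamic rules also expire: check the UDP lifetime (net.inet.ip.fw.dyn_udp_lifetime) is long enough for a slow resolver to answer, or legitimate replies will hit rule 1020 and appear in the log.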