From owner-freebsd-security Mon Jul 27 07:34:31 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id HAA25633 for freebsd-security-outgoing; Mon, 27 Jul 1998 07:34:31 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from fledge.watson.org (root@COPLAND.CODA.CS.CMU.EDU [128.2.222.48]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA25571 for ; Mon, 27 Jul 1998 07:34:19 -0700 (PDT) (envelope-from robert@cyrus.watson.org)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.8.8/8.8.8) with SMTP id KAA08183; Mon, 27 Jul 1998 10:33:30 -0400 (EDT)
Date: Mon, 27 Jul 1998 10:33:29 -0400 (EDT)
From: Robert Watson
X-Sender: robert@fledge.watson.org
Reply-To: Robert Watson
To: "Jan B. Koum "
cc: sthaug@nethelp.no, j@lumiere.net, freebsd-security@FreeBSD.ORG
Subject: Re: ipfw rules to allow DNS activity
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, 27 Jul 1998, Jan B. Koum wrote:

> Hmm.. You sure? Not according to Stevens and my tcpdump:
>
> >- You can't know the source port in zone transfers initiated from your
> >own name server. It won't be 53 - remember that zone transfers are
> >performed by a separate program (named-xfer).
>
> This is from running "host -l some.host" in the other xterm:
>
> 02:15:05.598279 nfr.2509 > 209.157.102.11.domain: S
> 3408638927:3408638927(0) win 16384 [|tcp]> (DF)
> [snip]
>
> It is going from my host, nfr, to the nameserver, 209.157.192.11,
> destination port 53 using tcp.
> Replies are coming back from 209.157.192.11, port 53 using tcp
> back to me. I don't see how this is "won't be 53" -- am I missing
> something in this picture?

Does this differ on NT/Windows/Macintosh? I don't know if they have the same concept of "reserved ports", as they don't tend to have the same trust model that NFS/rsh/etc. use.

I've never checked to see whether Mac/Windows95 allocate ports <1024 for outgoing connections. Under NT, anyway, one assumes they don't, so that various services can run on them unhindered? I could easily see some Microsoft programmer saying "hmm. I'll make an outgoing connection from port 867 on this machine to port 23 on that one.." :)

Stevens' new Unix network programming book has port range information for BSD and Solaris, but no Microsoft/etc. info (it being a UNIX network programming book :).

Robert N Watson

Carnegie Mellon University            http://www.cmu.edu/
TIS Labs at Network Associates, Inc.  http://www.tis.com/
SafePort Network Services             http://www.safeport.com/
robert@fledge.watson.org              http://www.watson.org/~robert/
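As an added illustration (not part of the thread), the following Python script parses tcpdump lines in the format Jan quoted and checks each connection attempt against two ipfw-style rules, showing that a rule which assumes source port 53 would not pass the client side of a zone transfer, whose source port is ephemeral. The sample lines, host names and addresses are constructed.

```python
import re

# Constructed tcpdump lines (sample data, not from the original message) in the
# format quoted in the thread; tcpdump prints port 53 by its service name "domain".
SAMPLE_LINES = [
    # outgoing zone-transfer SYN: the client picks an ephemeral source port
    "02:15:05.598279 nfr.2509 > 192.0.2.53.domain: S 3408638927:3408638927(0) win 16384 (DF)",
    # the server's SYN/ACK back to that ephemeral port
    "02:15:05.612211 192.0.2.53.domain > nfr.2509: S 11223344:11223344(0) ack 3408638928 win 16384",
    # a server-to-server connection that happens to originate from port 53
    "02:16:10.000001 ns2.domain > 192.0.2.53.domain: S 5555:5555(0) win 16384 (DF)",
]

SERVICE_PORTS = {"domain": 53}
LINE_RE = re.compile(
    r"^\S+\s+(?P<src>\S+)\.(?P<sport>\w+)\s+>\s+(?P<dst>\S+)\.(?P<dport>\w+):\s+(?P<flags>\S+)"
)

def to_port(token):
    """Map a tcpdump port token (service name or number) to an integer."""
    return SERVICE_PORTS.get(token) or int(token)

def parse(line):
    """Extract endpoints, ports and SYN flag from one tcpdump TCP line."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"unrecognised tcpdump line: {line!r}")
    return {"src": m["src"], "sport": to_port(m["sport"]),
            "dst": m["dst"], "dport": to_port(m["dport"]),
            "syn": m["flags"].startswith("S")}

def is_reserved(port):
    """BSD 'reserved' range: only root may bind ports below 1024."""
    return port < 1024

# Two ipfw-style rules for TCP to a name server; None means "any port".
RULES = {
    "tcp from any 53 to any 53": {"sport": {53}, "dport": {53}},   # over-tight
    "tcp from any to any 53":    {"sport": None, "dport": {53}},   # what clients need
}

def rule_matches(rule, pkt):
    sport_ok = rule["sport"] is None or pkt["sport"] in rule["sport"]
    return sport_ok and pkt["dport"] in rule["dport"]

def evaluate(line, ruleset=RULES):
    """Return which rules would pass this connection attempt (SYN packets only)."""
    pkt = parse(line)
    if not pkt["syn"]:
        return {}
    return {name: rule_matches(rule, pkt) for name, rule in ruleset.items()}

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        p = parse(line)
        print(p["sport"], "reserved" if is_reserved(p["sport"]) else "ephemeral", evaluate(line))
```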