Date:      Wed, 14 Jun 2000 07:27:42 -0400
From:      "Cameron, Frank" <cameron@ctc.com>
To:        "'Hugh Ho'" <hho321@yahoo.com>
Cc:        "'freebsd-security@FreeBSD.ORG'" <freebsd-security@FreeBSD.ORG>
Subject:   RE: IPFW rules for DNS?
Message-ID:  <E41DD2A84F21D411B567009027B0FD886C2A81@ctcjst-mail1.ctc.com>

The recent ipfw supports the keep-state option:

allow udp from ${my_ip} to ${dns_server} 53 keep-state

-frank

> -----Original Message-----
> From:	Hugh Ho [SMTP:hho321@yahoo.com]
> Sent:	Monday, June 12, 2000 9:43 PM
> To:	freebsd-security@FreeBSD.ORG
> Subject:	IPFW rules for DNS?
> 
> I need to do nslookup quite often, and I have the following IPFW rules which
> allow nslookup to talk to my ISP's DNS server:
> 
>   allow udp from ${my_ip} to ${dns_server} 53
>   allow udp from ${dns_server} 53 to ${my_ip}
> 
> Problem with the above rules is that people can pass IPFW if they use UDP port
> 53 with a spoofed IP that matches my ISP's DNS server. Is there a way to fix my
> problem?
> 
> Thanks.
> 
> -Hugh
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

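The difference between the two stateless rules in the question and the single keep-state rule in the reply, as an added example that is not part of either message and is a simplified model rather than ipfw's own code. The addresses, ports and the 10-second state lifetime are constructed assumptions.

```python
from typing import NamedTuple

class Pkt(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    t: float  # arrival time in seconds

# Constructed sample values (documentation address ranges), not from the thread.
MY_IP, DNS = "192.0.2.10", "198.51.100.53"
LIFETIME = 10.0  # assumed lifetime of a dynamic rule in this model

def stateless(pkt):
    """The two original rules: any UDP to dns_server:53, any UDP from dns_server:53."""
    outbound = pkt.src == MY_IP and pkt.dst == DNS and pkt.dport == 53
    inbound = pkt.src == DNS and pkt.sport == 53 and pkt.dst == MY_IP
    return outbound or inbound

class KeepState:
    """Model of: allow udp from my_ip to dns_server 53 keep-state"""
    def __init__(self, lifetime=LIFETIME):
        self.lifetime = lifetime
        self.flows = {}  # (local ip, local port, remote ip, remote port) -> expiry

    def accept(self, pkt):
        # Dynamic rules are checked first: a reply must mirror a live outbound flow.
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if self.flows.get(key, 0.0) > pkt.t:
            self.flows[key] = pkt.t + self.lifetime  # matching traffic refreshes it
            return True
        # Static rule: only an outbound query may create new state.
        if pkt.src == MY_IP and pkt.dst == DNS and pkt.dport == 53:
            self.flows[(pkt.src, pkt.sport, pkt.dst, pkt.dport)] = pkt.t + self.lifetime
            return True
        return False

def demo():
    packets = [
        Pkt(MY_IP, 40000, DNS, 53, 0.0),   # query
        Pkt(DNS, 53, MY_IP, 40000, 0.2),   # reply to that query
        Pkt(DNS, 53, MY_IP, 111, 0.3),     # claims dns_server:53, no matching query
        Pkt(DNS, 53, MY_IP, 40000, 30.0),  # right ports, but the state has expired
    ]
    fw = KeepState()
    return {"stateless": [stateless(p) for p in packets],
            "keep_state": [fw.accept(p) for p in packets]}

if __name__ == "__main__":
    print(demo())
```

In this model a datagram is still accepted if it mirrors the exact address and port pair of a flow that has not yet expired, so keep-state narrows what the inbound rule admits rather than authenticating the sender.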

