Date: Wed, 14 Jun 2000 07:27:42 -0400 From: "Cameron, Frank" <cameron@ctc.com> To: "'Hugh Ho'" <hho321@yahoo.com> Cc: "'freebsd-security@FreeBSD.ORG'" <freebsd-security@FreeBSD.ORG> Subject: RE: IPFW rules for DNS? Message-ID: <E41DD2A84F21D411B567009027B0FD886C2A81@ctcjst-mail1.ctc.com>
next in thread | raw e-mail | index | archive | help
The recent ipfw supports the keep-state option: allow udp from ${my_ip} to ${dns_server} 53 keep-state -frank > -----Original Message----- > From: Hugh Ho [SMTP:hho321@yahoo.com] > Sent: Monday, June 12, 2000 9:43 PM > To: freebsd-security@FreeBSD.ORG > Subject: IPFW rules for DNS? > > I need to do nslookup quite often, and I have the following IPFW rules > which > allow nslookup to talk to my ISP's DNS server: > > allow udp from ${my_ip} to ${dns_server} 53 > allow udp from ${dns_server} 53 to ${my_ip} > > Problem with the above rules is that people can pass IPFW if they use UDP > port > 53 with a spoofed IP that matches my ISP's DNS server. Is there a way to > fix my > problem? > > Thanks. > > -Hugh > > __________________________________________________ > Do You Yahoo!? > Yahoo! Photos -- now, 100 FREE prints! > http://photos.yahoo.com > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E41DD2A84F21D411B567009027B0FD886C2A81>