Vulnerability to cache poisoning -- the rest of the solution

Jeff Lightner jlightner at water.com
Mon Jul 14 17:10:15 UTC 2008


I understand the theory so was seeking positive confirmation on the
specific questions I asked which still haven't been answered.

Someone stated positively that I couldn't have had queries or transfers
working with port firewall restricted to port 53 so I was looking for
more information about that statement as obviously my BIND is working.

Separately I was then also asking for details about what should be
opened for recursive queries.  Is it UDP only?  TCP & UDP?  Finally I
was asking for specific range information.  That is, if I tell it random
does that mean it automatically goes to ports above 1024?  Further I
wanted to verify there wasn't anything in BIND that was restricting it
to a range as some applications do.  That is to say, is it completely
random or random within a range?

-----Original Message-----
From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
Behalf Of Peter Laws
Sent: Monday, July 14, 2008 12:42 PM
To: bind-users at isc.org
Subject: Re: Vulnerability to cache poisoning -- the rest of the
solution

Jeff Lightner wrote:
> We were only allowing port 53 outside the firewall (confirmed by the
> Network folks).   We've been doing lookups for external sites fine
> despite that.   Was the discussion in current thread about that or
> something else?
> 

53, 42, 10999, 63215, doesn't make any difference.  But if it's always
53 or anything else you make the attacker's job easier (and they thank
you. or will on August 6).


> Also my Network admin is asking for clarification of what needs to be
> opened for the port randomization.   He thinks it should only be ports
> above 1024.

If it's running as named, obviously you'd be restricted to ports named
could open, which are above 1024 generally.  Otherwise, it's
OS-dependent, AFAIK.  Seems to me Solaris will (or would in pre-10 days)
only pick 32768 or above though it could be changed.

-- 
Peter Laws / N5UWY
National Weather Center / Network Operations Center
University of Oklahoma Information Technology
plaws at ou.edu
-----------------------------------------------------------------------
Feedback? Contact my director, Craig Cochell, craigc at ou.edu. Thank you!
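
To see which source ports a resolver really uses for its outbound queries, rather than what the firewall rule assumes, the following added example (not part of the original thread) classifies the UDP source ports found in `tcpdump -n` output. The capture lines, the resolver address 192.0.2.10 and both thresholds are constructed assumptions.

```python
import re
import statistics

# "src.port > dst.53:" as printed by `tcpdump -n` for an outbound UDP query.
QUERY_RE = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > \d+\.\d+\.\d+\.\d+\.53: ")

def source_ports(lines, resolver_ip):
    """Source ports the resolver used for queries it sent to port 53."""
    ports = []
    for line in lines:
        m = QUERY_RE.search(line)
        if m and m.group(1) == resolver_ip:  # skip replies and other hosts
            ports.append(int(m.group(2)))
    return ports

def assess(ports, min_unique_ratio=0.9, min_stdev=3000):
    """Summarise the spread; both thresholds are illustrative assumptions."""
    if len(ports) < 2:
        return {"verdict": "insufficient data", "samples": len(ports)}
    unique = len(set(ports))
    stdev = statistics.pstdev(ports)
    if unique == 1:
        verdict = "fixed source port"
    elif unique / len(ports) < min_unique_ratio or stdev < min_stdev:
        verdict = "weak randomization"
    else:
        verdict = "randomized"
    return {"verdict": verdict, "samples": len(ports), "unique": unique,
            "lowest": min(ports), "highest": max(ports),
            "below_1024": sum(p < 1024 for p in ports)}

def sample(ip, ports):
    """Build constructed capture lines (not real traffic) for the demo."""
    return [f"17:10:15.{i:06d} IP {ip}.{p} > 198.51.100.53.53: {1000 + i}+ A? example.com. (29)"
            for i, p in enumerate(ports)]

RESOLVER = "192.0.2.10"  # assumed resolver address (documentation range)
FIXED = sample(RESOLVER, [53] * 8)                    # every query leaves from port 53
SEQUENTIAL = sample(RESOLVER, range(32768, 32776))    # unique but predictable
SPREAD = sample(RESOLVER, [40123, 1187, 58211, 22790, 61034, 9456, 33317, 50872])
REPLY = ["17:10:16.000001 IP 198.51.100.53.53 > 192.0.2.10.53: 1000 1/0/0 A 203.0.113.7 (45)"]

if __name__ == "__main__":
    for name, lines in (("fixed", FIXED), ("sequential", SEQUENTIAL), ("spread", SPREAD)):
        print(name, assess(source_ports(lines + REPLY, RESOLVER)))
```

The `lowest`, `highest` and `below_1024` fields show the range actually in use, which is the figure a firewall rule for return traffic has to accommodate.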