Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Re: Strange ports

from [Thor (Hammer of God)] Network Security [Permanent Link]
Subject: Re: Re: Strange ports
Date: Fri, 22 Jun 2007 14:50:12 -0700
If you use Exchange (well, specifically, if Exchange is doing the DNS lookup) then you do need TCP 53 as Exchange SMTP (or IIS SMTP) uses TCP by default for DNS queries. This is actually a good thing, as it is easier to build an outbound only TCP 53 rule that will only allow established connections returned as opposed to any UPD packet with the destination port set at 53 (what would be or look like return queries). If one is providing DNS server resources, then the published server should have appropriate DNS application level filtering (as ISA does) in order to ensure that actual DNS traffic is published, and not just anything that happens to use 53.

t




----- Original Message ----- From: <brian.marino@onenterprises.com>
To: <pen-test@securityfocus.com>
Sent: Friday, June 22, 2007 4:41 AM
Subject: Re: Re: Strange ports


I would agree that port 53 UDP needs to be open. Port 53 TCP does not unless you are doing large DNS zone transfers.

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Security and VPN, Sat Jagat Singh
Next by Date:  RE: listening to people/offices when on-hold on the phone, ep
Previous by Thread:  Re: Re: Strange ports, R. DuFresne
Next by Thread:  Re: Re: Strange ports, Bojan Zdrnja
Indexes:  [Date] [Thread] [Top] [All Lists]