Re: What is this?

Moe Trin wrote:
> In the Usenet newsgroup comp.security.firewalls, in article
> <UUQZe.34736$d5.189930@newsb.telia.net>, Anders wrote:
>
> At my home, I really don't see that much UDP on any of my ISPs (I have
> three),

Lucky You, I have to go to a friend and use his conection to see my
network from the outside.

>and it's mainly messenger spam attempts. At work, the perimeter
> firewall is used to translate outgoing UDP (mainly DNS queries) to
> source ports above (roughly) 1100. As this is the only normal use we
> have for UDP, any _inbound_ UDP to ports below that number (excluding
> to port 53 to the externally visible DNS servers) is dropped - it can not
> be wanted traffic.
>
> Old guy

Moe, one´s again you forced me too read, this time about DNS and
traceroute, and I stumble up on this RFC´s 1034,1035 and the older one´s
882,883 I have not been able to read them yet, but as soon as I get time
for it I will.
One thing I read about was that it is common that someone who want to
figure out about a systemcofiguration can make use of traceroute -S udp
p53, so for time being I happely block that one.

Anders.
Received on Thu Sep 29 20:11:04 2005