Moe Trin (Guest)
Posted: Mon Aug 29, 2005 6:01 am
Post subject: Re: Purpose of these connections?
In the Usenet newsgroup comp.dcom.modems, in article
<1125217889.903774.224810@z14g2000cwz.googlegroups.com>, Mike S. wrote:
> When dialup users connect to the internet, connections are made on UDP
> port 1900 and UDP port 53. What is the purpose of these connections?
INbound, or OUT?
1900/udp is windoze "Universal Plug and Pray". Block it and see if
anything breaks - it shouldn't.
53/udp is Domain Name Service - If you don't mind entering IP numbers
instead of hostnames, you might try blocking it - I'll bet you won't
like the results. Normally your computer asks (from a random port
number above 1025) your ISP's name server (on their port 53) to translate
hostnames into IP addresses, and occasionally addresses to names. You
need that. On the OTHER HAND, outsiders attempting to connect to YOUR
port 53 is a no-no unless you have a registered domain name and have
listed your IP address as the name server (translated: fat chance).
> If they aren't allowed (blocked by a firewall) what will happen? If I
> block them, I still have internet access and can surf the web. But I
> want to know if blocking them is bad or good and what it might mean.
Sounds like you need to be reading the "comp.security.firewalls" news
group for a week or two. Here's the brief concept on firewalls:
-------------------
For a firewall, there are three very simple rules you should be following
when trying to configure them:
#1 - If you don't know what it is, block it, and see if anything breaks.
#2 - If while denying the connection, nothing breaks, then you didn't need
that.
#3 - If the firewall appears to have 'broken' some function or service,
look in the logs, and identify the specific problem. What specifically is
being rejected? Then figure the smallest hole that will fix that problem.
This may mean allowing connections to 'this' port, from 'that' IP address.
Remember that word - you are opening a _hole_ in your defenses.
A good rule of thumb is that you should disallow everything, rather than
just rule 1. It is of little use to have blocked port $FOO, when an entire
_army_ of bad stuff is coming in through the other 65,000 ports that you
left open to the world. This is especially true for the home user, or the
inexperienced. Then you can follow rules 2 and 3 to resolve any problem that
may develop. "Block everything by default, and allow needed items" is a lot
safer than attempting to block specific items while allowing everything
else. What you don't know (or block) _can_ hurt you.
------------------
Once your firewall is working the way you want it, you can generally
turn off the logging. The problem with logs from the toy firewalls used
by windoze people is:
---------------------
Their main use is telling the ones who use it that some host in Korea or
Kenya attempted to connect to a trojan that they don't have installed.
---------------------
Old guy
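The "block everything by default, allow needed items" policy from the post, worked through as a small Python packet-filter model. This is an added illustration, not code from the post or from any real firewall; the resolver address, the local address and the sample flows are constructed (documentation ranges), and a real firewall would track the DNS reply by connection state rather than by a static rule.

```python
from dataclasses import dataclass

# Constructed placeholder for the ISP's name server (TEST-NET-3 range).
ISP_RESOLVER = "203.0.113.53"

@dataclass(frozen=True)
class Flow:
    direction: str   # "in" (toward us) or "out" (from us)
    proto: str       # "udp" or "tcp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

# Rule #3 in the post: open only the smallest hole that fixes a real problem.
# Each hole is (name, predicate); nothing else is allowed.
ALLOW = [
    # Our own lookups: random port above 1025 -> ISP resolver's port 53.
    ("dns-query", lambda f: f.direction == "out" and f.proto == "udp"
                  and f.dst_ip == ISP_RESOLVER and f.dst_port == 53 and f.src_port > 1025),
    # The answer coming back from that same resolver (stateful in a real firewall).
    ("dns-reply", lambda f: f.direction == "in" and f.proto == "udp"
                  and f.src_ip == ISP_RESOLVER and f.src_port == 53 and f.dst_port > 1025),
    # Web browsing, the one thing the poster said still worked after blocking.
    ("web", lambda f: f.direction == "out" and f.proto == "tcp" and f.dst_port in (80, 443)),
]

def decide(flow):
    """Return (verdict, rule). Anything not explicitly allowed is denied (rule #1)."""
    for name, pred in ALLOW:
        if pred(flow):
            return "ALLOW", name
    return "DENY", "default"

def filter_flows(flows):
    """Apply the policy; log every denial so rule #3 can be worked through from the logs."""
    verdicts, log = [], []
    for f in flows:
        verdict, _rule = decide(f)
        verdicts.append(verdict)
        if verdict == "DENY":
            log.append(f"DENY {f.direction} {f.proto} {f.src_ip}:{f.src_port} -> {f.dst_ip}:{f.dst_port}")
    return verdicts, log

SAMPLE = [  # constructed flows, not captured traffic
    Flow("out", "udp", "192.0.2.10", 34567, ISP_RESOLVER, 53),     # hostname lookup: needed
    Flow("in",  "udp", ISP_RESOLVER, 53, "192.0.2.10", 34567),     # the reply to it
    Flow("in",  "udp", "198.51.100.7", 4444, "192.0.2.10", 53),    # outsider asking OUR port 53
    Flow("in",  "udp", "198.51.100.9", 1900, "192.0.2.10", 1900),  # UPnP (SSDP) noise
    Flow("out", "tcp", "192.0.2.10", 40001, "198.51.100.20", 80),  # web browsing
]

if __name__ == "__main__":
    verdicts, log = filter_flows(SAMPLE)
    print(verdicts)
    print("\n".join(log))
```

Only the two inbound probes end up in the log, which is exactly the kind of line you read before deciding whether any hole needs opening.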