[dns-operations] charter, sitefinder, opendns (slashdot today)

Roland Dobbins rdobbins at cisco.com
Fri Feb 16 08:33:37 UTC 2007

On Feb 15, 2007, at 11:45 PM, David Ulevitch wrote:

> There's only one example
> that could justify blocking port 53 and it's not a very good one  
> because
> the bad guys will just switch ports.

It's the same argument as TCP/25 - it sucks, but it's still worth  
doing, IMHO.

Now, the interesting thing would be is if you're monitoring your  
access edge and correlating with your DNS logs/traffic (thinking  
broadband access SP and/or enterprise access LAN) - if the bad guys  
switch the box completely over to something other than UDP/53 and TCP/ 
53 (easiest way to do it), the dog that didn't bark would be a good  
indicator that something's wrong, heh.

Roland Dobbins <rdobbins at cisco.com> // 408.527.6376 voice

           The telephone demands complete participation.

                       -- Marshall McLuhan

More information about the dns-operations mailing list