[dns-operations] charter, sitefinder, opendns (slashdot today)
Roland Dobbins
rdobbins at cisco.com
Fri Feb 16 08:33:37 UTC 2007

On Feb 15, 2007, at 11:45 PM, David Ulevitch wrote:

> There's only one example that could justify blocking port 53 and
> it's not a very good one because the bad guys will just switch ports.

It's the same argument as TCP/25 - it sucks, but it's still worth
doing, IMHO.

Now, the interesting thing would be if you're monitoring your
access edge and correlating with your DNS logs/traffic (thinking
broadband access SP and/or enterprise access LAN) - if the bad guys
switch the box completely over to something other than UDP/53 and
TCP/53 (easiest way to do it), the dog that didn't bark would be a good
indicator that something's wrong, heh.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at cisco.com> // 408.527.6376 voice
The telephone demands complete participation.
-- Marshall McLuhan
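
The correlation described in the message above, sketched as an added example that is not part of the original post: it flags hosts that are still active at the access edge but have gone quiet on port 53 and at the resolver. The record layouts, the one-hour window, the min_dests threshold and the requirement that a host used DNS in an earlier window (to skip hosts that never resolve names) are assumptions, and all sample data is constructed.

```python
from collections import defaultdict

WINDOW = 3600  # correlation window in seconds (assumed)

# Constructed access-edge flow records: (epoch, src, dst, proto, dport)
EDGE_FLOWS = [
    (1000, "10.0.0.5", "192.0.2.10", "tcp", 80),
    (1200, "10.0.0.5", "192.0.2.11", "tcp", 443),
    (1100, "10.0.0.7", "198.51.100.1", "tcp", 80),
    (1300, "10.0.0.7", "198.51.100.2", "tcp", 80),
    (1400, "10.0.0.9", "203.0.113.5", "tcp", 443),  # host that never used DNS
    (1500, "10.0.0.9", "203.0.113.6", "tcp", 443),
    (4000, "10.0.0.5", "192.0.2.12", "tcp", 443),
    (4100, "10.0.0.5", "192.0.2.13", "tcp", 80),
    (4200, "10.0.0.7", "198.51.100.3", "tcp", 80),
    (4300, "10.0.0.7", "198.51.100.4", "tcp", 8080),
    (4400, "10.0.0.9", "203.0.113.5", "tcp", 443),
    (4500, "10.0.0.9", "203.0.113.6", "tcp", 443),
]
# Constructed resolver query log: (epoch, client)
DNS_QUERIES = [(990, "10.0.0.5"), (1190, "10.0.0.5"), (1090, "10.0.0.7"),
               (3990, "10.0.0.5"), (4090, "10.0.0.5")]


def silent_hosts(flows, dns_queries, window=WINDOW, min_dests=2):
    """Return sorted (window_start, host) pairs for hosts that used DNS in an
    earlier window, still reach >= min_dests destinations in this window, and
    show no resolver query and no UDP/53 or TCP/53 flow in this window."""
    dns_seen = defaultdict(set)   # host -> window indexes with DNS evidence
    dests = defaultdict(set)      # (window index, host) -> non-DNS destinations
    for ts, client in dns_queries:
        dns_seen[client].add(ts // window)
    for ts, src, dst, proto, dport in flows:
        w = ts // window
        if dport == 53:           # DNS seen directly at the edge
            dns_seen[src].add(w)
        else:
            dests[(w, src)].add(dst)
    alerts = []
    for (w, host), seen in dests.items():
        had_baseline = any(prev < w for prev in dns_seen[host])
        if len(seen) >= min_dests and w not in dns_seen[host] and had_baseline:
            alerts.append((w * window, host))
    return sorted(alerts)


if __name__ == "__main__":
    print(silent_hosts(EDGE_FLOWS, DNS_QUERIES))
```
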