Question about port for NSLOOKUP

hostmaster Hostmaster at comcity.com
Mon Apr 24 23:24:20 UTC 2000


I'm running NT....

There is no "easy" way to turn off TCP/IP ports in NT?
Someone is sending spurious FTP packets to our server originating from port
21, in many cases they are "spoofing" their IP address and they are using
some program that is running up the TCP/IP ports starting at 1024 and
up...hitting about 7 ports at a time.  We have noticed that over a 24-hour
basis, somehow, this causes NT to crash completely even with FTP completely
OFF on the server.  They are now doing this on two separate FTP servers.

----- Original Message -----
From: Len Conrad <lconrad at Go2France.com>
To: hostmaster <Hostmaster at comcity.com>
Sent: Monday, April 24, 2000 3:58 PM
Subject: Re: Question about port for NSLOOKUP


>
> >How can I make this work if its dynamically assigned?
>
> a "dynamic packet filter" maybe?
>
> something like ipfilter on FreeBSD or Solaris is a "stateful packet filter"
> that allows incoming traffic to enter an otherwise "blocked" port because
> ipfilter has remembered the state where some outgoing traffic occurred on
> the port.  It matches the incoming with outgoing, and temporarily opens the
> in-blocked port until the session is stopped, and then it closes that port
> again.
>
> I think you're running into the problem where static filtering can't handle
> your dynamic requirements.
>
> Len
>
>
>
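
The stateful matching described in the quoted reply, modelled as an added example that is not part of the original thread and is not ipfilter's own code. The class and function names, the 60-second idle timeout and the documentation-range addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

UDP_IDLE_TIMEOUT = 60  # seconds; constructed value, not an ipfilter default


def static_inbound(dport):
    """Static rule for comparison: replies to dynamically assigned client
    ports only get through if every high port stays open permanently."""
    return "pass" if dport >= 1024 else "block"


@dataclass
class StatefulFilter:
    timeout: int = UDP_IDLE_TIMEOUT
    states: dict = field(default_factory=dict)  # flow key -> expiry time

    def outbound(self, proto, sport, dst, dport, now):
        """Pass outgoing traffic and remember the flow it belongs to."""
        self.states[(proto, sport, dst, dport)] = now + self.timeout
        return "pass"

    def inbound(self, proto, src, sport, dport, now):
        """Default block; pass only a packet that mirrors a live state entry."""
        key = (proto, dport, src, sport)  # reversed view of the outbound flow
        expiry = self.states.get(key)
        if expiry is None:
            return "block"
        if now > expiry:
            del self.states[key]  # session is over: the port closes again
            return "block"
        self.states[key] = now + self.timeout  # traffic keeps the entry alive
        return "pass"


def demo():
    """Run constructed packets through both filters; returns the verdicts."""
    fw = StatefulFilter()
    # nslookup sends a DNS query from a dynamically assigned source port.
    fw.outbound("udp", 1027, "198.51.100.53", 53, now=0)
    return {
        "reply": fw.inbound("udp", "198.51.100.53", 53, 1027, now=1),
        # Unsolicited packet from source port 21 to the same high port.
        "unsolicited": fw.inbound("tcp", "203.0.113.9", 21, 1027, now=2),
        "static_unsolicited": static_inbound(1027),
        # Neighbouring port that no outgoing traffic ever used.
        "other_port": fw.inbound("udp", "198.51.100.53", 53, 1028, now=3),
        # Same flow again, long after the idle timeout.
        "late": fw.inbound("udp", "198.51.100.53", 53, 1027, now=200),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```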




More information about the bind-users mailing list