LinuxQuestions.org


frgtn 03-27-2005 04:29 AM

udp port 1024
 
Hello!

This is my first post and I'm quite desperate for help. I've considered posting this in the networking section, but it looks more security related to me. I've been trying for a while to figure out what UDP port 1024 is. No help from Google here either :(
Doing fuser shows it's named:
root@gw:~# fuser -v 1024/udp

USER PID ACCESS COMMAND
1024/udp root 182 f.... named

This port is open on all network interfaces (0.0.0.0) despite the fact that named is configured to run only on one interface. I've tried looking in the bind documentation, but have found nothing as of yet. I also get lots of connections to that port from various IPs, typically 2-3 packets from one IP. All the IPs I've checked were from the US; one was from NASA networks :). I've blocked the port for now. If anyone has info, please help.

P.S. happy Easter!!! :)

Yours, frgtn

jonavogt 03-27-2005 06:06 AM

Quote:

Originally from here
Another weakness of the existing filtering is the inability to define a filter for a range of port numbers. As I mentioned earlier, DNS queries are returned to the client via a UDP datagram sent to a port number between 1024 and 5000. Given the current filtering capabilities, a Windows NT-based router would have to allow all UDP packets through (very bad) or explicitly allow UDP 1024, UDP 1025, UDP 1026, all the way through UDP 5000. In contrast, Cisco routers can be configured to allow this traffic through with a command as simple as IP ACCESS-LIST ALLOW UDP ANY PORT GT 1023.
You seem to be right about named... I personally think blocking it won't harm anybody unless you run a public DNS server :D Correct me if I'm wrong.

Cheers Jonathan
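
The reply path described in the quoted passage, as an added example that is not part of the original thread: a client's UDP query socket is bound to the wildcard address on a kernel-chosen unprivileged port, and the server's reply is addressed back to that port. It assumes the port shown under named is such an outgoing-query socket; the loopback stand-in server and the names `build_query` and `query_roundtrip` are constructed for this demo.

```python
import socket
import struct

def build_query(qid: int, name: str) -> bytes:
    """Minimal DNS query: header (RD set, one question) + QNAME + QTYPE=A, QCLASS=IN."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def query_roundtrip(name: str = "example.com", qid: int = 0x1A2B) -> dict:
    # Stand-in for a remote DNS server (assumption: loopback, kernel-chosen port
    # instead of 53 so the demo needs no root).
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    server.bind(("127.0.0.1", 0))
    # Stand-in for a resolver's outgoing-query socket: wildcard address, port 0,
    # so the kernel assigns an unprivileged port. Tools such as fuser or netstat
    # then list that port as open on 0.0.0.0.
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client.bind(("0.0.0.0", 0))
    client.settimeout(2.0)
    server.settimeout(2.0)
    try:
        local_addr, local_port = client.getsockname()
        client.sendto(build_query(qid, name), server.getsockname())
        query, peer = server.recvfrom(512)
        # The server answers to whatever source port the query came from.
        # Reply: same ID and question, flags 0x8180 (response, RD, RA), no answers.
        reply = query[:2] + struct.pack("!H", 0x8180) + query[4:]
        server.sendto(reply, peer)
        answer, src = client.recvfrom(512)
        reply_id, flags = struct.unpack("!HH", answer[:4])
        return {
            "listen_addr": local_addr,
            "listen_port": local_port,
            "reply_dst_port": peer[1],
            "reply_from_server": src == server.getsockname(),
            "is_response": bool(flags & 0x8000),
            "id_matches": reply_id == qid,
        }
    finally:
        client.close()
        server.close()

if __name__ == "__main__":
    for key, value in query_roundtrip().items():
        print(f"{key}: {value}")
```

A packet filter that drops inbound UDP to `listen_port` would also drop this reply unless it tracks the outgoing query statefully.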

frgtn 03-27-2005 07:10 AM

Thanks for your reply, Jonathan.
Well, I don't think it's bad to block that port either, but the thing that concerns me is the purpose of it. My guess is that it might be used for transferring stuff like zones or something between different DNS servers, but I don't know. I've never configured bind before, so I'm beginning to think I've missed something.

Yours, frgnt

