[lug] using tcpdump to emulate effects of packet dump
Jeffrey Siegal
jbs at quiotix.com
Fri Jul 18 17:52:11 MDT 2003
D. Stimits wrote:
> Jeffrey Siegal wrote:
>
>> D. Stimits wrote:
>>
>> > The linux side does not *always* break when port 1026 is blocked, but
>> > due to the way ports are used for DNS, sometimes name servers *do* use
>> > that port...it is a response to what the requesting box says is an
>> > open port when under linux. If by random chance a dns request has 1026
>> > open as the first udp port above 1023, then dns will hang.
>>
>>
>> You can get your linux box to always use port 53 for DNS requests if
>> you want by running a caching nameserver locally and configuring it to
>> make requests on port 53.
>
>
> Port 53 is only one half of the communications...it is the *other*
> port...the reply...that sometimes hits port 1026.
No, a caching nameserver can be configured to get its replies on port
53, too.
>> I think you could do something with header rewriting that wouldn't
>> require an IP address; at least not a public one.
>>
> Remember, I want to write an app that fixes the broken windows behavior,
> not a crutch that requires a second machine. Most people would rather
> pay the extortion fee of byebyeads.com than buy a second machine
> and learn how to set up a caching proxy.
If you want to avoid port 1026 being allocated for a DNS reply, just
allocate it yourself. Write a service that allocates port 1026 and then
just sits there forever.
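The "allocate port 1026 yourself" idea, written out as an added example (this is not code from the original post or from either poster). It binds a UDP socket to port 1026 without SO_REUSEADDR and holds it, so the kernel cannot later hand that port out as the source port of an outgoing DNS query; the port number comes from the thread, the function names and the 0.0.0.0 bind address are my own choices. It assumes a Linux or BSD host; the same approach also works on Windows with Python's socket module.

```python
"""Hold UDP port 1026 so it is never allocated as an ephemeral source port.

Added example for the LUG thread above; not the original poster's code.
Assumptions: port 1026 is the one the thread says gets blocked, the
resolver uses IPv4 UDP (bind to 0.0.0.0), and no other process already
owns the port. Function names are my own.
"""
import errno
import socket
import time

RESERVED_PORT = 1026  # the port the thread says gets blocked upstream


def reserve_udp_port(port: int = RESERVED_PORT, host: str = "0.0.0.0") -> socket.socket:
    """Bind a UDP socket to `port` and return it so the caller keeps it open.

    Deliberately no SO_REUSEADDR: while this socket lives, neither another
    process nor the kernel's ephemeral-port allocator can take the port,
    so a DNS query can never be sent from (and replied to on) port 1026.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((host, port))
    return sock


def port_is_held(port: int = RESERVED_PORT, host: str = "0.0.0.0") -> bool:
    """Report whether `port` is already bound, by attempting a probe bind.

    EADDRINUSE means someone (hopefully us) holds it; any other error is
    re-raised so a real problem is not mistaken for a held port.
    """
    probe = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        probe.bind((host, port))
    except OSError as exc:
        if exc.errno == errno.EADDRINUSE:
            return True
        raise
    else:
        return False
    finally:
        probe.close()


if __name__ == "__main__":
    # The "service that just sits there forever": hold the port and sleep.
    held = reserve_udp_port()
    print("holding UDP port", held.getsockname()[1])
    while True:
        time.sleep(3600)
```

Two caveats a practitioner would check before relying on this: the socket must stay referenced for the lifetime of the process (a closed or garbage-collected socket frees the port), and the trick only matters if the kernel's ephemeral range actually includes 1026; modern Linux defaults to 32768-60999 (see /proc/sys/net/ipv4/ip_local_port_range), so a 2003-era kernel that allocated from just above 1023 is the case the thread is describing. If the resolver also sends over IPv6, bind an AF_INET6 socket to the same port as well.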