ubuntu-devel Digest, Vol 23, Issue 16

Dan Kegel dank at kegel.com
Tue Jul 4 23:38:22 BST 2006


On 7/4/06, Nathan Sutton <nathan.sutton at gmail.com> wrote:
> > > If you're on a network with DHCP, the DHCP client listens on UDP port 68
> > > to receive responses from the DHCP server.
> > >
> > > And every time you make a DNS query, a UDP port is opened to receive the
> > > response from the DNS server.
> >
> > Both of these are examples of getting replies to queries sent out by the
> > system, so they don't count, really.
>
> Ahh, but UDP doesn't maintain state, except at higher levels in the
> OSI model.  This can be exploited for ARP poisoning attacks and DoS,
> so these examples do count.

strace seems to show that by default, the DNS port is only open
until the response is received.  So it looks like there's only one
open UDP port, not two.  netstat -lu confirms this on my
dapper box:

dapper:~$ netstat -lu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 *:bootpc                *:*

I had a quick look at
http://www.ietf.org/rfc/rfc2131.txt
and didn't see anything that would require the dhcp client to
keep the port open.  Maybe this is a bug... can somebody who
really understands dhcp comment?
- Dan
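As an added example (not part of Dan's message or of any Ubuntu code), the following Python script reproduces what `netstat -lu` reports by reading `/proc/net/udp` directly, which is where netstat gets its table from: it decodes the hex `local_address`/`rem_address` fields and lists only the sockets that have no remote endpoint, i.e. the bound-but-unconnected sockets netstat and `ss -lu` call listening. The `/proc/net/udp` snapshot embedded in it is constructed for the example, not captured from the poster's machine, and shows the two cases discussed in the thread: the DHCP client socket on 0.0.0.0:68 (bootpc) and a resolver socket on an ephemeral port that is connected to a name server while a query is in flight. All function names here are the example's own.

```python
import os
import socket
import struct

# Constructed /proc/net/udp snapshot (not captured from the poster's machine).
# Row 1: DHCP client bound to 0.0.0.0:68 (0x0044), unconnected (state 07).
# Row 2: a resolver socket on ephemeral port 49825 (0xC2A1), connected to
#        192.0.2.53:53 while a query is in flight (state 01); this is the kind
#        of socket that disappears as soon as the reply is read and it is closed.
SAMPLE_PROC_NET_UDP = """\
   sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
 1234: 00000000:0044 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 12345 2 0000000000000000 0
 5678: 0F02000A:C2A1 350200C0:0035 01 00000000:00000000 00:00000000 00000000  1000        0 23456 2 0000000000000000 0
"""


def decode_endpoint(field):
    """Turn 'HEXIP:HEXPORT' into (dotted_ip, port).

    The kernel prints the IPv4 address as a 32-bit value in host byte order,
    so on the little-endian (x86) hosts this sample assumes, 0100007F is
    127.0.0.1.  The port is a plain hexadecimal number (0044 -> 68)."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def parse_proc_net_udp(text):
    """Parse /proc/net/udp text into a list of socket dicts (header line skipped)."""
    sockets = []
    for line in text.splitlines()[1:]:
        parts = line.split()
        if len(parts) < 10:
            continue
        local_ip, local_port = decode_endpoint(parts[1])
        remote_ip, remote_port = decode_endpoint(parts[2])
        sockets.append({
            "local_ip": local_ip, "local_port": local_port,
            "remote_ip": remote_ip, "remote_port": remote_port,
            "state": int(parts[3], 16), "uid": int(parts[7]), "inode": int(parts[9]),
        })
    return sockets


def unconnected(sockets):
    """The sockets netstat -lu / ss -lu report: bound, but with no peer set."""
    return [s for s in sockets
            if s["remote_ip"] == "0.0.0.0" and s["remote_port"] == 0]


def service_name(port):
    """Name the port the way netstat does (68/udp -> bootpc); fall back to the
    number when /etc/services is missing or has no entry for it."""
    try:
        return socket.getservbyport(port, "udp")
    except OSError:
        return str(port)


def format_listeners(text):
    """Render the unconnected UDP sockets in netstat's 'udp *:bootpc' style."""
    lines = []
    for s in unconnected(parse_proc_net_udp(text)):
        host = "*" if s["local_ip"] == "0.0.0.0" else s["local_ip"]
        lines.append("udp %s:%s (uid %d)" % (host, service_name(s["local_port"]), s["uid"]))
    return lines


if __name__ == "__main__":
    # Use the live table on Linux; fall back to the constructed sample elsewhere.
    if os.path.exists("/proc/net/udp"):
        with open("/proc/net/udp") as f:
            text = f.read()
    else:
        text = SAMPLE_PROC_NET_UDP
    for line in format_listeners(text):
        print(line)
```

Run on the sample, only the bootpc socket is printed; the in-flight resolver socket is filtered out because it has a remote endpoint, and in any case it would vanish from the live table once the reply arrives and the socket is closed. If you want to catch that transient socket on a real machine, poll `/proc/net/udp` in a tight loop while running a lookup; a single `netstat -lu` will almost never land inside the window.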
