ubuntu-devel Digest, Vol 23, Issue 16
Scott James Remnant
scott at ubuntu.com
Wed Jul 5 00:37:38 BST 2006
On Tue, 2006-07-04 at 15:38 -0700, Dan Kegel wrote:
> On 7/4/06, Nathan Sutton <nathan.sutton at gmail.com> wrote:
> > > > If you're on a network with DHCP, the DHCP client listens on UDP port 68
> > > > to receive responses from the DHCP server.
> > > >
> > > > And every time you make a DNS query, a UDP port is opened to receive the
> > > > response from the DNS server.
> > >
> > > Both of these are examples of getting replies to queries sent out by the
> > > system, so they don't count, really.
> >
> > Ahh, but UDP doesn't maintain state, except at higher levels in the
> > OSI model. This can be exploited for ARP poisoning attacks and DoS,
> > so these examples do count.
>
> strace seems to show that by default, the DNS port is only open
> until the response is received. So it looks like there's only one
> open UDP port, not two.
>
No, it's still an open port. UDP lacks any form of checking that things
received are the expected responses, and while the port is open for the
response anything can be sent to it (this is safeguarded with TCP,
which is why TCP connections aren't considered "open ports").
This means it's up to the application to ensure that while its UDP port
is open, it discards any unexpected responses.
So it's effectively an open port.
Scott
--
Scott James Remnant
scott at ubuntu.com
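The point Scott makes above, that the kernel does nothing to tell a real reply from any other datagram aimed at an open UDP port, is shown in the following added example. It is not code from the thread or from any Ubuntu package: a minimal DNS-style client that sends one query and then reads from its (now open) reply port, keeping only a datagram whose source address, transaction ID and QR flag all match what it sent, and discarding everything else. The names, the loopback "server" and "rogue" sockets, the transaction IDs and the peer addresses are all constructed for the demo.

```python
import os
import socket
import struct

DNS_HEADER = struct.Struct("!HHHHHH")   # id, flags, qdcount, ancount, nscount, arcount
QR_FLAG = 0x8000                         # flags bit: 1 = this datagram is a response


def build_dns_query(txid: int, name: str) -> bytes:
    """Minimal DNS A/IN query in RFC 1035 wire format, with the caller's 16-bit ID."""
    header = DNS_HEADER.pack(txid, 0x0100, 1, 0, 0, 0)            # RD set, one question
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)     # QTYPE=A, QCLASS=IN


def build_dns_response(query: bytes) -> bytes:
    """Echo the query back with QR set (no answers): enough for the client-side check."""
    txid, flags, qd, an, ns, ar = DNS_HEADER.unpack(query[:12])
    return DNS_HEADER.pack(txid, flags | QR_FLAG, qd, an, ns, ar) + query[12:]


def is_expected_reply(data: bytes, sender, expected_peer, expected_txid: int) -> bool:
    """The check the application has to do itself, because UDP does none of it."""
    if sender != expected_peer:            # came from an address we never queried
        return False
    if len(data) < DNS_HEADER.size:        # not even a DNS header
        return False
    txid, flags = struct.unpack("!HH", data[:4])
    if txid != expected_txid:              # not the transaction we are waiting on
        return False
    return bool(flags & QR_FLAG)           # and it must be marked as a response


def select_reply(datagrams, expected_peer, expected_txid: int):
    """Pure helper: scan (data, sender) pairs in arrival order on the open port;
    return (first accepted reply or None, how many were discarded before it)."""
    discarded = 0
    for data, sender in datagrams:
        if is_expected_reply(data, sender, expected_peer, expected_txid):
            return data, discarded
        discarded += 1
    return None, discarded


def send_query(client: socket.socket, server_addr, name: str) -> int:
    """Send a query with a fresh random ID; from now on the reply port is open."""
    txid = int.from_bytes(os.urandom(2), "big")
    client.sendto(build_dns_query(txid, name), server_addr)
    return txid


def wait_for_reply(client: socket.socket, server_addr, txid: int, timeout=2.0):
    """Read from the open port, dropping anything unexpected, until the real reply lands."""
    client.settimeout(timeout)
    discarded = 0
    while True:
        data, sender = client.recvfrom(4096)       # anyone can send to this port
        if is_expected_reply(data, sender, server_addr, txid):
            return data, discarded
        discarded += 1


def demo():
    """Loopback run (constructed): a server, a rogue sender aiming at the client's
    open port, and the client that keeps only the genuine reply."""
    socks = [socket.socket(socket.AF_INET, socket.SOCK_DGRAM) for _ in range(3)]
    server, rogue, client = socks
    for s in socks:
        s.bind(("127.0.0.1", 0))                   # ephemeral ports on loopback
    server_addr, client_addr = server.getsockname(), client.getsockname()
    txid = send_query(client, server_addr, "www.example.com")
    query, _ = server.recvfrom(4096)
    # Two datagrams reach the client's open port: first a bogus reply from the
    # rogue socket (wrong source, guessed ID 0x1234), then the genuine one.
    rogue.sendto(build_dns_response(build_dns_query(0x1234, "www.example.com")), client_addr)
    server.sendto(build_dns_response(query), client_addr)
    reply, discarded = wait_for_reply(client, server_addr, txid)
    for s in socks:
        s.close()
    return txid, reply, discarded


if __name__ == "__main__":
    txid, reply, discarded = demo()
    print(f"reply id 0x{reply[:2].hex()} matches 0x{txid:04x}; "
          f"discarded {discarded} unexpected datagram(s)")
```

Run it as a script and the rogue datagram is read off the same socket as the genuine reply and thrown away by the application; nothing below the socket layer distinguished them. A client that skipped `is_expected_reply` and took the first datagram would have accepted the rogue one, which is exactly why the port counts as open while the query is outstanding.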