BB> Date: Fri, 21 Feb 2003 14:08:46 -0600 (CST)
BB> From: Bryan Bradsby

JS> it isn't legit for what i have in my network though :-)

BB> Really? So you're blocking udp/1434 both in and out?
BB>
BB> Got any DNS servers on your network? Any of your desktop
BB> clients use DNS?

s/DNS/UDP-based servers/

BB> Recent versions of un*x BIND will pick a random port above
BB> 1024 for udp conversations. It can and has picked 1434.

Standard socket(2) behavior. BIND [hopefully] runs chown(2)ed,
so the source port number must be >= 1024.

BB> DNS clients will eventually timeout and fall back to another
BB> server, so any problems would be transient, but the packets
BB> were legit, right?

Stateful packet filters are nice. Properly written, they protect
both inbound and outbound traffic and need to track very little
state.

Eddy
--
Brotsman & Dreger, Inc. - EverQuick Internet Division
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 (785) 865-5885 Lawrence and [inter]national
Phone: +1 (316) 794-8922 Wichita
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist@brics.com>
To: blacklist@brics.com
Subject: Please ignore this portion of my mail signature.

These last few lines are a trap for address-harvesting spambots.
Do NOT send mail to <blacklist@brics.com>, or you are likely to
be blocked.
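
The difference discussed in the thread above, as an added example that is not part of the original message: a stateless "drop anything touching udp/1434" rule next to a minimal stateful filter, run over constructed packets in which a resolver happened to be given source port 1434. The addresses, the policy (refuse outbound to udp/1434, admit inbound only as a reply) and all names are assumptions for illustration; flow expiry is left out.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "direction src sport dst dport")

# Constructed sample hosts (documentation address ranges).
RESOLVER = "192.0.2.53"     # inside DNS resolver
UPSTREAM = "198.51.100.1"   # outside DNS server it queries
STRANGER = "203.0.113.66"   # outside host nobody inside has talked to


def stateless_filter(pkt, blocked_port=1434):
    """Pass a packet only if neither port is 1434, in or out."""
    return blocked_port not in (pkt.sport, pkt.dport)


class StatefulFilter:
    """Track outbound UDP flows; admit inbound only as the mirror of one."""

    def __init__(self, blocked_dport=1434):
        self.blocked_dport = blocked_dport
        self.flows = set()  # one 4-tuple per conversation is all the state

    def allow(self, pkt):
        if pkt.direction == "out":
            if pkt.dport == self.blocked_dport:
                return False  # inside host sending *to* udp/1434
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound: must be the reverse of a flow we saw leave.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows


def run(filter_fn, packets):
    """Return the pass/drop verdict for each packet, in order."""
    return [filter_fn(p) for p in packets]


# Constructed traffic, not a capture.
TRAFFIC = [
    Packet("out", RESOLVER, 1434, UPSTREAM, 53),    # DNS query, sport 1434
    Packet("in", UPSTREAM, 53, RESOLVER, 1434),     # its legitimate reply
    Packet("in", STRANGER, 4000, RESOLVER, 1434),   # unsolicited to 1434
    Packet("out", RESOLVER, 2000, STRANGER, 1434),  # outbound to udp/1434
]

if __name__ == "__main__":
    print("stateless:", run(stateless_filter, TRAFFIC))
    print("stateful: ", run(StatefulFilter().allow, TRAFFIC))
```

The stateless rule drops all four packets, including the DNS query and its reply; the stateful filter passes the query and reply and drops only the two packets the udp/1434 block was meant for.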