Prevent allowed spt 53: CVE-2003-1491, CVE-2004-1473

tbenoit
Junior Member
Posts: 7
Joined: 13 Jul 2013, 18:04

Prevent allowed spt 53: CVE-2003-1491, CVE-2004-1473

Post by tbenoit »

I am unable to find a way to address this in the csf.conf file, though I assume it is there...

It appears as though all traffic to all ports is allowed in if the source port is 53.

# iptables -L -n | grep spt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:53
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:53

This would seem to open a hole for anyone to get in as long as they were using Port 53 out from their host.

We need everyone to be able to reach destination port 53 on the server but do not want to allow all traffic from all sources to all ports if they are coming in from source port 53... only if they are hitting a port we have specifically opened.

Any ideas on how to address this?
tbenoit
Junior Member
Posts: 7
Joined: 13 Jul 2013, 18:04

Re: Prevent allowed spt 53: CVE-2003-1491, CVE-2004-1473

Post by tbenoit »

Found it. Enabled DNS_STRICT to have those rules disabled.
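As an added audit example (not code from the thread or from CSF), the script below scans an `iptables-save` dump for the class of rule the first post describes: INPUT rules that ACCEPT on a source port alone, with no `--dport` restriction and no connection-tracking state match. The rule set is a constructed sample; the first two rules mirror the loose spt:53 matches, the last shows the tighter form.

```python
import re
from dataclasses import dataclass

# Constructed sample in iptables-save format (not taken from the post); the
# first two rules mirror the loose source-port matches the thread describes.
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --sport 53 -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --sport 53 --dport 1024:65535 -m conntrack --ctstate ESTABLISHED -j ACCEPT
COMMIT
"""

@dataclass
class Finding:
    line: str
    proto: str
    sport: str

def audit_source_port_accepts(dump: str) -> list[Finding]:
    """Return INPUT ACCEPT rules that match only on a source port.

    A rule is flagged when it accepts on --sport but carries neither a
    --dport restriction nor a conntrack/state match, so any remote host
    can reach any local port simply by sending from that source port.
    """
    findings = []
    for raw in dump.splitlines():
        line = raw.strip()
        if not line.startswith("-A INPUT") or "-j ACCEPT" not in line:
            continue
        sport = re.search(r"--sport\s+(\S+)", line)
        if not sport:
            continue
        if re.search(r"--dport\s+\S+", line):
            continue  # destination port is constrained
        if re.search(r"--(ctstate|state)\s+\S+", line):
            continue  # limited to tracked replies
        proto = re.search(r"-p\s+(\S+)", line)
        findings.append(Finding(line, proto.group(1) if proto else "all", sport.group(1)))
    return findings

def main():
    for f in audit_source_port_accepts(SAMPLE_RULES):
        print(f"LOOSE: {f.proto} sport {f.sport}: {f.line}")

if __name__ == "__main__":
    main()
```

Feed it the output of `iptables-save` on a live host to confirm that enabling DNS_STRICT actually removed the spt:53 rules.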