From: Jonathan de Boyne Pollard on 21 Apr 2010 22:50

> I checked and dns.exe had about 2500 ports listed

It's not listening on them, though. Those are the ports used for the back-end DNS clients.

> [...] what this is all about? [...] I searched the web for this and I
> don't have KB951746 installed. [...]

You've seen the security bulletin giving that number. You already know what this is about. The bulletin that you read has a FAQ section for the vulnerability telling you.

From: Ace Fekay [MVP - Directory Services, MCT] on 22 Apr 2010 00:09

On Thu, 22 Apr 2010 03:50:01 +0100, Jonathan de Boyne Pollard <J.deBoynePollard-newsgroups(a)NTLWorld.COM> wrote:

>> I checked and dns.exe had about 2500 ports listed
>
> It's not listening on them, though. Those are the ports used for the
> back-end DNS clients.
>
>> [...] what this is all about? [...] I searched the web for this and I
>> don't have KB951746 installed. [...]
>
> You've seen the security bulletin giving that number. You already know
> what this is about. The bulletin that you read has a FAQ section for
> the vulnerability telling you.

I would like to add regarding the 2500 ports, they are reserved ports for the client response ports. This was introduced with the DNS security update from July, 2009. Here's more info on this issue and what the reserved ports are all about.

The DNS Cache Poisoning Vulnerability, Microsoft KB953230 Patch, and Ports Reservation Explained
http://msmvps.com/blogs/acefekay/archive/2009/09/03/the-dns-cache-poisoning-vulnerability-microsoft-kb953230-patch-and-ports-reservation-explained.aspx

Ace

This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among responding engineers, and to help others benefit from your resolution.

Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services

If you feel this is an urgent issue and require immediate assistance, please contact Microsoft PSS directly. Please check http://support.microsoft.com for regional support phone numbers.

From: Jonathan de Boyne Pollard on 22 Apr 2010 19:38

> How can I have another application get priority for some of the ports
> that this tries to reserve?

It's not reserving them. It's using them. They'll be the ports from which back-end DNS client queries are sent. If you want another application to bind to a specific UDP/IP port, then run it first. If you want to do something else, then follow the hyperlink, in the Security bulletin that you read, to MSKB article 953230 and read that.

From: Dave Warren on 23 Apr 2010 02:04

In message <IU.D20100422.T233837.P4368.Q0(a)J.de.Boyne.Pollard.localhost> Jonathan de Boyne Pollard <J.deBoynePollard-newsgroups(a)NTLWorld.COM> was claimed to have wrote:

> If you want another
> application to bind to a specific UDP/IP port, then run it first.

Running another app first is not a reliable suggestion. However, customizing the ports that DNS uses is definitely a reliable solution.

The problem with running another app first is that that other app might shut down or unbind for some reason.