Block port 53 incoming only hacked router?

A few months ago, we noticed that there was significant upload usage on our connection when it was not possible for it to be us using it. We ran tests such as disconnecting everything from the router and sure enough, large uploads made with NOTHING connected to the router!
We talked to our ISP, who suggested it was most likely someone accessing our router to upload info. I think it would be very, very unlikely that they could be doing so wirelessly (large grounds, no way to get within wifi range), so the ISP suggested we make sure that remote management of the router was turned off (done successfully) and that we block port 53 to incoming traffic. Can't find how to do this, can anybody help?!
Also, are there any other precautions we could take? The router does have a security system hard wired to it (currently disconnected) and a Sonos (again, disconnected) that we had to do some playing around with to get working, so wary of going mad to start with in case I stop those working!

Why would I need this?
@ChristopherIckes No. Your server still needs to make outbound DNS queries - inbound port 53 UDP traffic must be allowed (the responses to your queries) for those to function correctly.

And oops. I meant "open the port" not "secure the port". Edited — csi.

If you want to use your server as a DNS server (for example you're hosting your own domains).
You can run tcpdump on a host and then issue a DNS lookup from another terminal or browser to confirm this: 'tcpdump -n -i eth0 udp port 53'

So to answer your question: You would only open port 53 on a host that is offering DNS services to a network. Some firewall software (including iptables, as mentioned by mindthemonkey in the comments on my answer) will track a fake connection and allow the traffic as an established connection, but make no mistake: UDP is stateless, and unless your firewall's being smart about allowing responses to recent queries, you need UDP port 53 open to get packets in response to your queries.
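The stateless and stateful cases described in the answer above, as an added example in iptables-restore format that is not part of the original thread. It assumes a host that is only a DNS client, with a default-drop INPUT policy.

```iptables
# Added example (constructed): rules for a host that makes DNS queries
# but does not offer DNS to anyone.
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]

# Loopback traffic (local resolver, IPC).
-A INPUT -i lo -j ACCEPT

# Stateful case: accept only packets that conntrack matches to traffic this
# host started. UDP has no handshake, so conntrack keys on the address/port
# tuple of the outgoing query and expires the entry after a short timeout.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# Stateless case (weaker, left commented out): without connection tracking,
# replies can only be admitted by source port, which also admits any
# unsolicited UDP packet that claims source port 53.
# -A INPUT -p udp --sport 53 -j ACCEPT

# Only for a host that offers DNS services to a network: open destination
# port 53 for incoming queries.
# -A INPUT -p udp --dport 53 -j ACCEPT
# -A INPUT -p tcp --dport 53 -j ACCEPT

COMMIT
```

With the stateful rule in place, the tcpdump capture above still shows replies arriving from port 53, while `iptables -L INPUT -n -v` shows them counted against the conntrack rule rather than an open port.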
I am writing this message from a machine with port 53 closed. TCP connection tracking on the localhost firewall manages the authenticity of DNS queries going out from random ports above port
I just disabled the firewall, and would like to set it up correctly.
These are the goals for this server: File server. Web server. What ports should I not block?

I presume you mean ssh, and not actual rlogin?
Outgoing traffic: I wouldn't filter any of that, if anyone compromised your server they could just disable the firewall rules. Incoming traffic: Rather than blocking ports, you need to make sure that the ports you have listening are only accessed from locations that you want them accessed from - you probably don't want to open up your samba network to the internet.
I disagree. Everything should be blocked by default.