RE: an error in the NMAP docs?

["Michael Herz" <mherz () uwaterloo ca>]

> -----Original Message-----
> From: David Gillett [mailto:gillettdavid () fhda edu] 
>
>   The *purpose* of the exception is NOT "to allow the machine to act 
> as a DNS server".  Its purpose is to allow the client to 
> receive DNS results even when these are returned using TCP 
> instead of UDP.

This is exactly what I'm saying too. Right from the beginning I belive ;-)

>   The NMAP docs describe exploiting a FIREWALL configuration 
> intended to allow machines to act as DNS and FTP CLIENTS.

And this is what I disagree with. To me, the phrase "allow DNS (53) or
FTP-DATA (20) packets to come  through" implies a server service (ie.
requests are coming in to my DNS server on port 53).

Sorry for turning this into so many words :-(


---------------------------------------------------------------------------
Earn your MS in Information Security ONLINE
Organizations worldwide are in need of highly qualified information security 
professionals.  Norwich University is fulfilling this demand with its MS in 
Information Security offered online.  Recognized by the NSA as an 
academically excellent program, NU offers you the opportunity to earn your 
degree without disrupting your home or work life.

http://www.msia.norwich.edu/secfocus_en
----------------------------------------------------------------------------