udp and tcp

:■■■■ well I need a lot of that but yes I'm having a problem with people sending sploits through Yahoo Messenger. Do you know how I can program it to not let chat room exploits happen besides not going into chat lol. I also have ytunnel pro newest version and before I reformatted I tried it and it worked real good and now I can't seem to get it to be safe. They send a file through here as I post them to you

                          [1]

Security warning found on port/service "domain" [53/udp]

Security warning found on port/service “domain (53/udp)”

Synopsis : The remote name server allows recursive queries to be performed by the host running nessusd.

Description : It is possible to query the remote name server for third party names. If this is your internal nameserver, then forget this warning. If you are probing a remote nameserver, then it allows anyone to use it to resolve third parties names (such as www.nessus.org). This allows hackers to do cache poisoning attacks against this nameserver. If the host allows these recursive queries via UDP, then the host can be used to ‘bounce’ Denial of Service attacks against another network or system.

See also : 1997 CERT Advisories

Solution : Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction ‘allow-recursion’ in the ‘options’ section of your named.conf

If you are using bind 9, you can define a grouping of internal addresses using the ‘acl’ command

Then, within the options block, you can explicitly state: ‘allow-recursion { hosts_defined_in_acl }’

For more info on Bind 9 administration (to include recursion), see: http://www.nominum.com/content/documents/bind9arm.pdf

If you are using another name server, consult its documentation.

Risk factor : Medium / CVSS Base Score : 4 (AV:R/AC:L/Au:NR/C:N/A:N/I:P/B:I)

CVE : CVE-1999-0024

BID : 136, 678

                                  [2]

Security information found on port/service "general/tcp"

[ip here] resolves as pool-nn-nnn-nn-81.burl.east.verizon.net.

can you help me figure this out please, I know it has to do with my router also but a little bit confused here, ty

Edit: IP masked by Mod

G’day,

Summarising your post,

  1. You use Yahoo Messenger with the YTunnel Pro add-on and you keep getting whacked through a vulnerability within Yahoo Messenger.

  2. You have also used Nessus and it reports that your ISP’s DNS server connection on port 53 allows recursive queries.

  3. I don’t believe that CFP can do anything about an internal vulnerability in an application that you have allowed to run. Clicking ALLOW creates an Application Monitor rule that permits the application and its components to run on the system that CFP is monitoring. Firewalls can monitor and attempt to control some aspects of an operating system (Buffer Overflow Protection etc.) but not within a specific application, unless it is specifically coded to check for that vulnerability within that application.

Sorry, but I really don’t think CFP (or any other firewall for that matter) can prevent you being exploited through an internal vulnerability in Yahoo Messenger.

  1. I’m not 100% sure on this but…

If you are running some sort of name server internally and the error is produced by running a Nessus scan against your internal name server, then you had better fix it, as suggested in the Nessus response.

If you ran the Nessus scan against your ISP’s DNS, then it’s their problem (and potentially everyone else’s). Best thing you could do is to contact them and advise them of the vulnerability.

I hope I have interpreted your posting correctly.

Hope this helps,
Ewen :slight_smile:
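
Added example (not part of either post, and not Nessus's own check): one way to confirm that a name server you administer stops answering third-party recursive queries once `allow-recursion` is restricted as the Nessus report suggests. The function names, the `www.example.com` test name and the sample reply headers are assumptions constructed for this illustration.

```python
import socket
import struct

RD, RA = 0x0100, 0x0080   # DNS header flags: recursion desired / recursion available
REFUSED = 5               # RCODE a server returns when it declines the query

def build_query(name, qid=0x1234):
    """Build a DNS A-record query with the RD bit set."""
    header = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN

def classify(reply):
    """Read the 12-byte header of the reply to a third-party recursive query."""
    if len(reply) < 12:
        return "malformed"
    _qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    rcode = flags & 0x000F
    if rcode == REFUSED:
        return "refused"
    if flags & RA and rcode == 0 and ancount > 0:
        return "open-recursion"   # resolved a third-party name for us
    return "no-recursion"         # e.g. a referral with RA cleared

def probe(server, name="www.example.com", timeout=3.0):
    """Send one query over UDP port 53 to a server you administer."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        try:
            reply, _ = s.recvfrom(512)
        except socket.timeout:
            return "no-answer"
    return classify(reply)

# Constructed reply headers (not captured traffic), one per outcome:
OPEN_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)       # QR+RD+RA, 1 answer
REFUSED_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0)    # QR+RD, RCODE 5
REFERRAL_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8100, 1, 0, 13, 0)  # QR+RD, referral only

if __name__ == "__main__":
    for label, raw in [("open", OPEN_REPLY), ("refused", REFUSED_REPLY), ("referral", REFERRAL_REPLY)]:
        print(label, "->", classify(raw))
```

Run `probe()` from a host outside the ACL: a correctly restricted server should return `refused` or `no-recursion`, while hosts inside the ACL still get answers.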