It's possible to fool ip filtering by using UDP/53 as a source port. Buffer overflow during authentication. Replay attacks during authentication.
vulners.com/securityvulns/securityvulns:doc:4459
vulners.com/securityvulns/securityvulns:doc:4462