Bollocks. If it does not have a deny all unless explicitly allowed, it is not a 
firewall but a router. A "firewall" does not let traffic pass unless authorised by a 
security policy. If it does otherwise, it is not a firewall. 

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Reckhard, Tobias
Sent: Tuesday, March 13, 2001 08:33
To: 'Bill Royds'
Cc: [EMAIL PROTECTED]
Subject: RE: How to find out about Open ports on firewall


Bill Royds wrote:
> If you can find the list of open ports THROUGH a firewall, then you need
> to replace the firewall. It has failed in its main task. The only way one
> should find out about open ports on a server is to be in the same
> protection domain as the server.
> 
Bollocks. That may be the case in some setups, but there are clearly going
to be situations where a firewall, which may amount to as much as a
screening router, will let traffic through, hopefully but not necessarily to
specific servers and services. Now if your servers have open ports that the
firewall should prevent outsiders from accessing, that's an entirely
different story.

Tobias

-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
