On Thu, 21 Jun 2001, Reckhard, Tobias wrote:
> There is a notion that source ports above 1023 are 'safer' than those
> up to there. This is due to the fact that in UNIX only root may use
> those ports.
You got it just the wrong way around; ports _below_ 1024 are root-only.
The rest are free-for-all. Or did I misunderstand you?
> IOW, use of the source port as qualifier for anything isn't all too
> good an idea (except for active FTP, I guess).
Agreed.
> Now on to your ipchains question. Actually, '-y' means 'SYN bit set'
> and '! -y' means 'SYN bit cleared', but that is wrong, otherwise the
> TCP three-way handshake would never complete.
That's the whole point - to only match packets that are trying to
initiate a connection and then either accept or reject/deny them based
on IP-address/netmask or traffic direction. Practically, this gives you
more control over your open ports (plus, gives you an easy tool to get
rid of all those annoying doubleclick.net and similar web ads, saving a
little bit of your bandwidth in the process :P).
> You are not safe if you've got a firewall. You're safer than you'd be
> without one, though. How much depends on its configuration.
Also, it depends on the firewall itself. There could be buffer overflows or
some other nasty bugs in the code that could lead to root compromise.
There were some security issues with Linux ipchains, for instance one that,
in some cases, allowed an attacker to entirely bypass the firewall. Read
more at:
http://www.securityfocus.com/archive/1/19810
.pi.
--
Petteri Lyytinen + [EMAIL PROTECTED] + http://www.cs.tut.fi/~typo/
"Close friends are the true angels who lift you up on your feet when
your wings don't remember how to fly."
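Added example (not part of the thread) modelling the `-y` point made above: a rule that denies only connection-initiating packets from a given source range, applied to a three-way handshake. It models `-y` as "SYN set, ACK and FIN clear" (ipchains' documented match); the `Packet`/`Rule` types, the 203.0.113.0/24 and 192.0.2.10 addresses and the `RULES` policy are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

SYN, ACK, FIN = 0x02, 0x10, 0x01  # TCP flag bits (RFC 793)

@dataclass(frozen=True)
class Packet:  # constructed minimal model; only fields the rule looks at
    src: str
    dst: str
    flags: int

@dataclass(frozen=True)
class Rule:
    direction: str  # "in" (toward our host) or "out"
    src_net: str    # source address/netmask the rule applies to
    syn_only: bool  # True models ipchains' '-y' option
    target: str     # "ACCEPT" or "DENY"

def is_syn_only(flags: int) -> bool:
    """'-y': SYN set while ACK and FIN are clear, i.e. a connection-initiating
    packet. The SYN/ACK reply of a handshake does NOT match."""
    return bool(flags & SYN) and not flags & (ACK | FIN)

def verdict(pkt: Packet, direction: str, rules, policy: str = "ACCEPT") -> str:
    """First matching rule wins; otherwise the chain's default policy applies."""
    for r in rules:
        if r.direction != direction:
            continue
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(r.src_net):
            continue
        if r.syn_only and not is_syn_only(pkt.flags):
            continue
        return r.target
    return policy

# Constructed policy: refuse new inbound connections from one (documentation
# range) network, but leave everything that is not a fresh SYN alone.
RULES = [Rule("in", "203.0.113.0/24", True, "DENY")]
ME, REMOTE = "192.0.2.10", "203.0.113.5"  # constructed addresses

def outbound_handshake() -> list:
    """A connection we open to REMOTE: SYN out, SYN/ACK in, ACK out."""
    steps = [("out", Packet(ME, REMOTE, SYN)),
             ("in", Packet(REMOTE, ME, SYN | ACK)),
             ("out", Packet(ME, REMOTE, ACK))]
    return [verdict(p, d, RULES) for d, p in steps]

def inbound_attempt() -> str:
    """REMOTE trying to open a connection to us: the one packet '-y' catches."""
    return verdict(Packet(REMOTE, ME, SYN), "in", RULES)
```

The outbound handshake completes (all three packets accepted, because the returning SYN/ACK has ACK set), while the inbound SYN from the same network is denied.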
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls