ecklesd wrote:
> 
> To allow pcANYWHERE remote workstations outside a firewall to connect to
> hosts inside the firewall, you must open ports 5631 and port 5632 as you
> have done. For the remote workstation, ensure that incoming TCP connections
> are allowed from any port from 1024-5000 outside the firewall to port 5631
> inside the firewall. 

Limiting the source port span to 1024--5000 is not a good idea.
Windows boxes, if left with the default settings, will indeed use 
1024--5000, inclusive, but as soon as a NATing firewall gets involved, 
you'll see anything between 1024 and 65535.

Limiting the source span to 1024--5000 buys you no additional
security, since those ports are exactly the ports any attacker
will be using by default. (Unless they're sitting behind a NATing
firewall, which they likely won't be doing, as it is an unnecessary
obstacle for them.)


Regards,
Mikael Olsson

-- 
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00   Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50       WWW: http://www.clavister.com

"Senex semper diu dormit"
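
An added example, not part of the original message: a small audit check that flags ACCEPT rules whose source-port range is narrower than the 1024 to 65535 span that clients behind NAT can present, as the reply above describes. The iptables-save style rule lines, the function name `narrow_source_port_rules` and the sample ruleset are assumptions constructed for illustration.

```python
import re

# Source ports a legitimate client may present once NAT is involved
# (per the reply above: anything between 1024 and 65535).
CLIENT_PORTS = (1024, 65535)

# Constructed iptables-save style rules for the ports discussed in the thread.
SAMPLE_RULES = """\
-A FORWARD -p tcp -m tcp --sport 1024:5000 --dport 5631 -j ACCEPT
-A FORWARD -p tcp -m tcp --sport 1024:65535 --dport 5631 -j ACCEPT
-A FORWARD -p udp -m udp --dport 5632 -j ACCEPT
-A FORWARD -p tcp -m tcp --sport 1024:5000 --dport 5631 -j DROP
"""

SPORT = re.compile(r"--sport\s+(\d+)(?::(\d+))?")

def narrow_source_port_rules(ruleset, needed=CLIENT_PORTS):
    """Return (rule, missing_ranges) for each ACCEPT rule whose --sport
    range leaves part of `needed` unmatched."""
    findings = []
    for line in ruleset.splitlines():
        rule = line.strip()
        if not rule.startswith("-A") or not re.search(r"-j\s+ACCEPT\b", rule):
            continue  # only rules that admit traffic matter here
        m = SPORT.search(rule)
        if m is None:
            continue  # no source-port restriction at all
        lo = int(m.group(1))
        hi = int(m.group(2)) if m.group(2) else lo  # single port, no range
        missing = []
        if lo > needed[0]:
            missing.append((needed[0], min(lo - 1, needed[1])))
        if hi < needed[1]:
            missing.append((max(hi + 1, needed[0]), needed[1]))
        if missing:
            findings.append((rule, missing))
    return findings

if __name__ == "__main__":
    for rule, missing in narrow_source_port_rules(SAMPLE_RULES):
        spans = ", ".join(f"{a}-{b}" for a, b in missing)
        print(f"source ports {spans} not accepted by: {rule}")
```

Rules using negated matches (`! --sport`) are not handled by this check.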