On Tue, Dec 26, 2000 at 09:02:12AM -0600, Mark J. Roberts wrote:
> On Tue, 26 Dec 2000, Mark J. Roberts wrote:
>
> > I've been annoyed by FProxy's promiscuous behavior for a while now, and
> > nothing's been done about it, even though it's really easy to restrict the
> > connection to localhost, and only a little harder to read a configuration
> > file.
>
> I'm no expert on TCP/IP connections and such, but even if FProxy rejects
> all non-localhost connections, can the attacker still find out that
> there's something running on port 8080, and then portscan for the node?
>
> If so, we absolutely must randomize the fproxy listener port as well as
> the node port. Right?

The ideal solution is to block non-local connections at the OS level. But
Win folks won't like that. Yet another reason to have FProxy integrated
into the browser so no listening connection is necessary.

Scott
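
The question in this thread, whether a listener that rejects non-local peers is still visible on its port, can be checked with the sketch below. It is an added example, not code from the thread or from Freenet/FProxy. Assumptions: it runs on Linux, where every 127.0.0.0/8 address is local, so 127.0.0.2 and 127.0.0.3 serve as constructed stand-ins for the host's network-facing address and for another machine; all function names are hypothetical.

```python
import socket
import threading

LOCAL = "127.0.0.1"        # browser on the same machine
EXTERNAL_IF = "127.0.0.2"  # constructed stand-in for the host's network-facing address
REMOTE = "127.0.0.3"       # constructed stand-in for another machine

def start_listener(bind_addr):
    """Listen on an ephemeral port; serve LOCAL, accept-then-drop everyone else."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((bind_addr, 0))
    srv.listen(8)

    def serve():
        while True:
            try:
                conn, peer = srv.accept()
            except OSError:
                return  # listener was closed
            with conn:
                if peer[0] == LOCAL:
                    conn.sendall(b"OK\n")
                # otherwise: rejected by the application, after the TCP handshake

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]

def probe(src, dst, port):
    """What a client at src sees: 'served', 'open-but-rejected' or 'closed'."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as c:
        c.settimeout(2)
        try:
            c.bind((src, 0))
            c.connect((dst, port))
        except OSError:
            return "closed"  # no handshake: nothing is listening on that address
        try:
            return "served" if c.recv(16) else "open-but-rejected"
        except OSError:
            return "open-but-rejected"

def compare(bind_addr):
    """Return (local view, remote view) for a listener bound to bind_addr."""
    srv, port = start_listener(bind_addr)
    try:
        return probe(LOCAL, LOCAL, port), probe(REMOTE, EXTERNAL_IF, port)
    finally:
        srv.close()

if __name__ == "__main__":
    print("0.0.0.0  :", compare("0.0.0.0"))  # filter in the application only
    print("127.0.0.1:", compare(LOCAL))      # loopback-only bind
```

With the wildcard bind, the non-local client completes the TCP handshake before the application drops it, so the port is observable as open; with the loopback-only bind, the same client finds no listener on that address.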