Glynn Clements wrote:
> Hint: if you want to break into a system which is behind a firewall,
> use port 20 as the source port. It's not exactly unheard of for people
> to misconfigure firewalls to allow traffic from port 20 which would
> otherwise be denied.
That's why it is easier to define packet filtering rules if the local
port range is moved outside the 1024-5000 range, which is infested with
unofficial, but nonetheless well-known, ports for all kinds of nasty
services. Then one only needs to accept incoming connections on the
new local range, the masquerading (if used) range and a selected number
of ports under 1024 (say smtp).
> Don't block inbound connections to ephemeral ports. Just block any
> specific ephemeral ports which you happen to be using (e.g. rpc.nfsd,
> rpc.mountd, X servers).
That is the normal approach, only that, somehow, you always forget to add
a rule forbidding that service you added yesterday.
Julio
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]
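The three rule sets discussed in this exchange, as an added example (not code from the linux-net list or from either poster): a toy stateless packet filter that evaluates constructed packets against (a) the misconfiguration Glynn describes, a blanket "accept anything from source port 20" rule, (b) Julio's approach of moving the local port range and accepting new connections only on a short list of services, and (c) a middle ground that narrows the port-20 rule to the local range. The port ranges (32768-60999 as the relocated local range, 61000-65095 as a masquerading range) and the packets are assumptions chosen for illustration; 32768-60999 happens to be the modern Linux default for net.ipv4.ip_local_port_range.

```python
"""Toy stateless packet filter comparing three firewall policies.
Constructed example; not code from the mailing-list thread."""
from dataclasses import dataclass

# Assumed relocated local port range (Julio's suggestion) and an assumed
# masquerading range; both are illustrative values, not taken from the thread.
EPHEMERAL = range(32768, 61000)
MASQ = range(61000, 65096)
# Services under 1024 on which we accept new inbound connections.
ALLOWED_SERVICES = {25}  # smtp


@dataclass(frozen=True)
class Packet:
    proto: str
    sport: int
    dport: int
    syn: bool = False
    ack: bool = False

    @property
    def new_connection(self) -> bool:
        # A TCP SYN without ACK opens a new connection; anything else is
        # (or claims to be) part of an existing one.
        return self.proto == "tcp" and self.syn and not self.ack


def naive_filter(pkt: Packet) -> str:
    """The misconfiguration: 'let active-FTP data through' written as
    'accept anything whose source port is 20', ahead of the SYN check."""
    if pkt.proto == "tcp" and pkt.sport == 20:
        return "ACCEPT"  # attacker-chosen source port, any destination
    if pkt.dport in ALLOWED_SERVICES:
        return "ACCEPT"
    if pkt.proto == "tcp" and not pkt.new_connection:
        return "ACCEPT"  # replies to our own outbound connections
    return "DROP"


def strict_filter(pkt: Packet) -> str:
    """Julio's rule set: new connections only to listed services; every
    other packet must be headed into the local or masquerading range,
    whatever source port it carries."""
    if pkt.new_connection:
        return "ACCEPT" if pkt.dport in ALLOWED_SERVICES else "DROP"
    if pkt.dport in EPHEMERAL or pkt.dport in MASQ:
        return "ACCEPT"
    return "DROP"


def ftp_active_filter(pkt: Packet) -> str:
    """strict_filter plus a narrowed port-20 exception for active-mode FTP:
    a SYN from port 20 is accepted only into the local range.  Still lets a
    port-20 attacker reach any service that bound a port in that range."""
    if pkt.new_connection and pkt.sport == 20 and pkt.dport in EPHEMERAL:
        return "ACCEPT"
    return strict_filter(pkt)


# Constructed traffic (not captured data):
ATTACK_SYN = Packet("tcp", sport=20, dport=22, syn=True)        # sshd from port 20
X_PROBE = Packet("tcp", sport=20, dport=6000, syn=True)         # X server from port 20
RPC_PROBE = Packet("tcp", sport=20, dport=35000, syn=True)      # service bound in local range
FTP_DATA_SYN = Packet("tcp", sport=20, dport=40000, syn=True)   # genuine active-FTP data
OUTBOUND_REPLY = Packet("tcp", sport=80, dport=40000, syn=True, ack=True)
SMTP_SYN = Packet("tcp", sport=51234, dport=25, syn=True)

FILTERS = {"naive": naive_filter, "strict": strict_filter,
           "ftp_active": ftp_active_filter}
PACKETS = [ATTACK_SYN, X_PROBE, RPC_PROBE, FTP_DATA_SYN, OUTBOUND_REPLY, SMTP_SYN]


def compare(filters=FILTERS, packets=PACKETS) -> dict:
    """Return {filter_name: {packet: verdict}} for every combination."""
    return {name: {p: f(p) for p in packets} for name, f in filters.items()}


if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(name)
        for pkt, verdict in verdicts.items():
            print(f"  {pkt.sport:>5} -> {pkt.dport:<5} syn={pkt.syn} ack={pkt.ack}: {verdict}")
```

The table the script prints makes the trade-off concrete: the naive set lets the port-20 SYN reach sshd and the X server, the strict set drops it but also drops the genuine active-mode FTP data connection (so FTP clients behind such a filter must use passive mode), and the narrowed exception restores active FTP at the cost of exposing whatever happens to be listening inside the local range. On a current Linux kernel the cleanest answer is the stateful one, a conntrack rule such as `-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT` with the FTP connection-tracking helper loaded, which removes the need for any source-port-20 rule at all.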