Good Point Eli,.....I guess I should say that if you are going to open
inbound TCP ports 1024+, the security risk in principal should be weighed
against the need to open these ports, and one should ascertain if any
systems/threads are listening to any ports over 1024, and if so, block these
ports from inbound packets.
Paul Eftis
-----Original Message-----
From: Eli Allen <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
<[EMAIL PROTECTED]>
Date: Wednesday, August 18, 1999 11:41 PM
Subject: RE: [NetMeeting] MS proxy server settings for Netmeeting
>
>Tripplite's UPS uses port 63333 when you setup the server to remotely
>monitor your UPS. While it can't be used as an exploit that I know of it
>does allow a very effective DoS attack. Took me about a week to find out
>why all network activity came to a standstill requiring a reboot and then
>what caused the problem to fix it. But it is just one port number it uses
>so you can just block that one port.
>
>Then there is ICQ but you can set ICQ to use a proxy.
>
>Eli
>
>> -----Original Message-----
>> I would like to also add a second point concerning the H.323
>> security issue:
>> Even if you opened up TCP ports 1024-65535 Inbound to receive
>> inbound NM calls, the security risk is in principal only, and I
>> am not aware of any exploits that are generated from attack
>> vectors on these ports.
>
>-----------------------------------------------------------------------
>http://www.meetingbywire.com/Mailinglist.htm for unsubscribe information
>-----------------------------------------------------------------------
-----------------------------------------------------------------------
http://www.meetingbywire.com/Mailinglist.htm for unsubscribe information
-----------------------------------------------------------------------
