Re: [GENERAL] Firewall Security Requirements for Postgresql Access

2004-09-14 Thread Bruno Wolff III
On Wed, Sep 08, 2004 at 03:12:29 +,
  Randy Yates [EMAIL PROTECTED] wrote:
> [EMAIL PROTECTED] (Ben) writes:
>
> > Well, R/W doesn't make much sense for TCP; incoming/outgoing SYN
> > packets make more sense, and if the database is located outside the
> > firewall, you really only need to allow outgoing SYN packets on the port
> > (as well as packets related to that session, of course).
>
> Are you suggesting that the firewall be configured so that the only
> outgoing packets allowed through are ones with the SYN bit set in the
> CODE BITS field of the TCP header? I'm fairly ignorant on protocol
> matters, and I don't understand why one would single out these types
> of TCP segments.  Could you please expound?

Blocking SYN packets can be used to prevent the setup of a TCP connection.
One way to block inbound connections to ports, but allow outbound connections
to them, is to block incoming SYN packets. This has the advantage that no
state needs to be maintained about the connection. The normal situation is
that inbound SYN packets are blocked except for the few ports to which you
want to allow connections.

---(end of broadcast)---
TIP 7: don't forget to increase your free space map settings
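
The stateless rule described in the reply above, as an added example that is not part of the original thread: an inbound segment that opens a connection (SYN set, ACK clear) is dropped unless its destination port is listed, and every other segment passes without any connection table. The function names, the `open_ports` parameter and the sample headers are constructed for illustration.

```python
import struct

PG_PORT = 5432          # PostgreSQL port named in the thread
SYN, ACK = 0x02, 0x10   # TCP flag bits

def tcp_header(sport, dport, flags):
    """Build a minimal 20-byte TCP header (constructed sample data)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)

def allow_inbound(segment, open_ports=frozenset()):
    """Stateless decision for one inbound TCP segment.

    Only the header of this segment is consulted; nothing is remembered
    about earlier packets.
    """
    if len(segment) < 20:
        return False                               # truncated header: drop
    _sport, dport, _seq, _ack, _off, flags = struct.unpack("!HHIIBB", segment[:14])
    opening = bool(flags & SYN) and not (flags & ACK)  # first packet of a handshake
    if opening:
        return dport in open_ports                 # new inbound connection: listed ports only
    return True                                    # not a connection attempt: pass

if __name__ == "__main__":
    # Client behind the firewall, database outside: the server's SYN-ACK reply
    # comes back from port 5432 and passes, while an unsolicited inbound SYN does not.
    samples = [
        ("SYN-ACK reply from database", tcp_header(PG_PORT, 40000, SYN | ACK), frozenset()),
        ("inbound SYN, no ports open", tcp_header(40000, PG_PORT, SYN), frozenset()),
        ("inbound SYN, 5432 open", tcp_header(40000, PG_PORT, SYN), frozenset({PG_PORT})),
    ]
    for label, seg, ports in samples:
        print(f"{label}: {'pass' if allow_inbound(seg, ports) else 'drop'}")
```

Because the decision depends only on the flags of the current segment, any non-SYN segment passes regardless of whether a connection actually exists; that is the trade-off for keeping no state.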


[GENERAL] Firewall Security Requirements for Postgresql Access

2004-09-10 Thread Randy Yates
Is opening up port 5432 (R/W both directions) all that is required
of a firewall in order to access a postgres database outside the
firewall?
-- 
%  Randy Yates  % My Shangri-la has gone away, fading like 
%% Fuquay-Varina, NC%  the Beatles on 'Hey Jude' 
%%% 919-577-9882%  
 [EMAIL PROTECTED]   % 'Shangri-La', *A New World Record*, ELO
http://home.earthlink.net/~yatescr
