Re: Controlling ports used by natd

From: Brett Glass (brett_at_lariat.org)
Date: 12/13/03

    Date: Fri, 12 Dec 2003 16:20:04 -0700
    To: Barney Wolff <barney@databus.com>
    
    

    At 11:19 AM 12/12/2003, Barney Wolff wrote:

    >How is this problem confined to NAT? Seems to me that any system
    >connecting to the Internet would have the same issue, if it's actually
    >a problem at all.

    Well, yes and no. A system behind a firewall that uses a port that's
    commonly used by a worm could find a session blocked, because the
    firewall can't trust it not to be infected just because it's inside.
    But hopefully, it'd retry and would get another port the next time.
    With NAT, there's a bigger problem: the firewall that's doing NAT may
    give it the same port again and again, locking it out. (I've seen
    this happen.)

    >So if I were going to solve it (which I'm not) I would expose the kernel's
    >"pick a high port" function, add hitlist capability, and have libalias use it.

    Not a bad way to go, actually. It'd be nice to restrict which ports the OS
    allowed apps to use, not only so that they don't get blocked by a firewall
    but so that a worm that's gotten into the system is detected. (You could set
    off an alarm if it tried to bind a "forbidden" port.)

    --Brett

    _______________________________________________
    freebsd-net@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-net
    To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
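
Added example, not part of the original message and not code from FreeBSD or libalias: a C sketch of the allocator discussed in the thread, a "pick a high port" routine with a hitlist that does not hand the same port out again on a retry and that counts an alarm when a forbidden port is explicitly requested. The range 49152-65535, the sample hitlist and all names (`port_picker`, `pick_high_port`, `request_port`, `release_port`) are assumptions.

```c
#include <stddef.h>
#include <stdint.h>

#define PORT_LO 49152u   /* assumed high-port range */
#define PORT_HI 65535u
#define SPAN    (PORT_HI - PORT_LO + 1u)

/* Constructed sample hitlist, not a list of real worm ports. */
static const uint16_t sample_hitlist[] = { 49152, 49153, 50000 };

struct port_picker {
    const uint16_t *hitlist;  /* ports that must never be handed out */
    size_t   nhit;
    uint32_t cursor;          /* offset where the next search starts */
    uint32_t alarms;          /* explicit requests for forbidden ports */
    uint8_t  in_use[SPAN];
};

static int on_hitlist(const struct port_picker *pp, uint16_t port)
{
    for (size_t i = 0; i < pp->nhit; i++)
        if (pp->hitlist[i] == port) return 1;
    return 0;
}

/* Pick a free high port that is not on the hitlist; 0 if none is left.
 * The cursor moves past each allocation, so a retry gets a new port. */
uint16_t pick_high_port(struct port_picker *pp)
{
    for (uint32_t i = 0; i < SPAN; i++) {
        uint32_t off = (pp->cursor + i) % SPAN;
        uint16_t port = (uint16_t)(PORT_LO + off);
        if (pp->in_use[off] || on_hitlist(pp, port)) continue;
        pp->in_use[off] = 1;
        pp->cursor = (off + 1u) % SPAN;
        return port;
    }
    return 0;
}

/* Explicit request: -1 plus an alarm if forbidden, -2 if unavailable. */
int request_port(struct port_picker *pp, uint16_t port)
{
    if (on_hitlist(pp, port)) { pp->alarms++; return -1; }
    if (port < PORT_LO || pp->in_use[port - PORT_LO]) return -2;
    pp->in_use[port - PORT_LO] = 1;
    return 0;
}

void release_port(struct port_picker *pp, uint16_t port)
{ if (port >= PORT_LO) pp->in_use[port - PORT_LO] = 0; }
```

A real allocator would start the cursor at a random offset; the fixed start here keeps the results reproducible.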

