Re: Controlling ports used by natd
From: Barney Wolff (barney_at_databus.com)
Date: 12/13/03
- Previous message: Brett Glass: "Re: Controlling ports used by natd"
- In reply to: Brett Glass: "Re: Controlling ports used by natd"
- Next in thread: Brett Glass: "Re: Controlling ports used by natd"
- Reply: Brett Glass: "Re: Controlling ports used by natd"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Fri, 12 Dec 2003 21:18:13 -0500
To: Brett Glass <brett@lariat.org>
On Fri, Dec 12, 2003 at 06:17:46PM -0700, Brett Glass wrote:
>
> In practice, I think we need to come up with something better than the
> notions of "well-known" and "privileged" ports. Something that, unlike
> portmap, is easy for firewalls to work with.
It's not so easy, because malware is not likely to be so polite as to
keep to fixed source ports. In fact, your real problem is with lazy
firewalls that can't tell UDP responses from requests. A stateless
firewall is an ACL, not a firewall. That works not so badly for TCP
but is simply inadequate for UDP.
--
Barney Wolff http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
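To make the distinction in the message above concrete (a port-based ACL cannot tell a UDP reply from an unsolicited UDP packet, while a stateful filter can), here is an added illustration that is not part of the original thread and is not natd or ipfw code. It simulates both filters on constructed packets: a port-based rule that admits anything inbound from UDP source port 53 as if it were a DNS reply, and a stateful filter that only admits inbound UDP matching a recently seen outbound request (with a timeout, since UDP has no connection teardown). The addresses, ports and the timeout value are constructed for the demo.

```python
"""Stateless port ACL vs. stateful flow tracking for UDP (constructed demo)."""
from dataclasses import dataclass
from typing import Dict, Tuple

# Constructed RFC 5737 documentation addresses; not real hosts.
INSIDE = "192.0.2.10"        # a LAN host behind the firewall
RESOLVER = "198.51.100.53"   # the resolver the LAN host legitimately queries
OUTSIDE = "203.0.113.7"      # some other Internet host

FlowKey = Tuple[str, int, str, int]   # (src_ip, src_port, dst_ip, dst_port)


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    direction: str   # "out" = leaving the LAN, "in" = arriving from the Internet


def stateless_acl(pkt: Packet) -> bool:
    """A port-based ACL. Inbound UDP is admitted when it *looks* like a DNS
    reply, i.e. has source port 53. Nothing ties it to an earlier request,
    so any inbound datagram with sport 53 passes, whatever its destination."""
    if pkt.direction == "out":
        return True
    return pkt.src_port == 53


class StatefulUdpFilter:
    """Remembers outbound UDP 4-tuples and admits inbound datagrams only when
    the reversed tuple matches one seen within `timeout` seconds."""

    def __init__(self, timeout: float = 30.0) -> None:
        self.timeout = timeout
        self.flows: Dict[FlowKey, float] = {}   # outbound tuple -> last seen time

    def filter(self, pkt: Packet, now: float) -> bool:
        # Drop expired entries so stale state cannot be reused later.
        self.flows = {k: t for k, t in self.flows.items() if now - t <= self.timeout}
        if pkt.direction == "out":
            self.flows[(pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)] = now
            return True
        reverse = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        return reverse in self.flows


def run_scenario() -> Dict[str, Tuple[bool, bool]]:
    """Return {name: (stateless_verdict, stateful_verdict)} for four packets."""
    stateful = StatefulUdpFilter(timeout=30.0)
    cases = [
        # The LAN host sends a DNS query from an ephemeral port.
        ("query",      Packet(INSIDE, 40123, RESOLVER, 53, "out"), 0.0),
        # The resolver answers promptly: both filters should admit it.
        ("reply",      Packet(RESOLVER, 53, INSIDE, 40123, "in"), 1.0),
        # An unsolicited datagram from sport 53 aimed at an internal service port:
        # the ACL admits it, the stateful filter has no matching request.
        ("unsolicited", Packet(OUTSIDE, 53, INSIDE, 111, "in"), 2.0),
        # A "reply" arriving long after the request: state has expired.
        ("late_reply", Packet(RESOLVER, 53, INSIDE, 40123, "in"), 100.0),
    ]
    results: Dict[str, Tuple[bool, bool]] = {}
    for name, pkt, now in cases:
        results[name] = (stateless_acl(pkt), stateful.filter(pkt, now))
    return results


if __name__ == "__main__":
    for name, (acl, state) in run_scenario().items():
        print(f"{name:12s} stateless={acl!s:5s} stateful={state}")
```

The only packets the two filters disagree on are the unsolicited one and the expired one: the port ACL passes both because it judges each datagram in isolation, while the stateful filter requires a live outbound request to exist, which is the behaviour ipfw's keep-state/check-state rules provide on FreeBSD.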