So, it sounds like no one feels that an intruder can compromise a network
protected by a firewall that allows incoming TCP packets destined for ports
greater than 1023 *without insider help*, whether inadvertent or intentional.
If this is true, it means that it is ok to allow incoming TCP packets
destined for ports greater than 1023 (except X, etc) as long as you are
confident that there are no services available on non-privileged ports,
and never will be any such services.
I thought the statistics always said the most likely attacks come from
the inside. Doesn't that mean we should make sure the outbound channels
are at least logged, so we will find out about new services on non-privileged
ports?
- Mac Allen jma21624@usav01.glaxo.com
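As an added illustration (not part of the post above), the Python below models the two filter rules under discussion, the "permit inbound TCP to ports > 1023 except X" rule and the stricter ACK-only rule, and runs the kind of log review the post asks for over a few constructed log lines. The X port (6000), the log field names and the addresses are assumptions.

```python
from dataclasses import dataclass

X_PORT = 6000  # assumed: X11 server port, the "except X" case from the post


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    syn: bool  # SYN flag set
    ack: bool  # ACK flag set


def port_policy(pkt: Packet) -> bool:
    """Rule from the post: permit inbound TCP to unprivileged ports, except X.
    Any new listener on a port above 1023 becomes reachable from outside."""
    if pkt.dport == X_PORT:
        return False
    return pkt.dport > 1023


def established_policy(pkt: Packet) -> bool:
    """Stricter rule: permit inbound segments only if ACK is set, i.e. they
    answer a connection opened from inside. A bare SYN to port 8080 is dropped."""
    return pkt.ack


def audit_inbound_log(lines, known_services):
    """Review firewall log lines (key=value fields) and flag accepted inbound
    SYNs to unprivileged ports that are not in the inventory of known services."""
    unexpected = set()
    for line in lines:
        fields = dict(f.split("=", 1) for f in line.split())
        if fields.get("dir") != "in" or fields.get("action") != "accept":
            continue
        if "S" not in fields.get("flags", ""):  # only connection attempts
            continue
        dport = int(fields["dport"])
        if dport > 1023 and dport not in known_services:
            unexpected.add((fields["dst"], dport))
    return sorted(unexpected)


# Constructed sample log, not real traffic.
LOG = [
    "dir=in action=accept proto=tcp src=203.0.113.5 dst=192.0.2.10 dport=8080 flags=S",
    "dir=in action=accept proto=tcp src=203.0.113.5 dst=192.0.2.10 dport=1025 flags=A",
    "dir=in action=accept proto=tcp src=198.51.100.7 dst=192.0.2.11 dport=2049 flags=S",
    "dir=in action=drop proto=tcp src=198.51.100.7 dst=192.0.2.11 dport=6000 flags=S",
    "dir=in action=accept proto=tcp src=198.51.100.9 dst=192.0.2.12 dport=8443 flags=S",
]
KNOWN_SERVICES = {8443}  # assumed inventory of services deliberately exposed
```

Running `audit_inbound_log(LOG, KNOWN_SERVICES)` reports the two hosts that accepted connections on high ports nobody had inventoried, which is exactly the "new service on a non-privileged port" the post wants logging to reveal.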