Great Circle Associates Firewalls
(October 1992)
 


Subject: Re: liabilities of ports >1023
From: "USA::JMA21624" <JMA21624%USA . decnet @ usav01 . glaxo . com>
Date: 29 Oct 92 14:47:00 EST
To: "Firewalls" <Firewalls @ GreatCircle . COM>

So, it sounds like no one feels that an intruder can compromise a network
protected by a firewall that allows incoming TCP packets destined for ports
greater than 1023 *without insider help*, whether inadvertent or intentional.

If this is true, it means that it is ok to allow incoming TCP packets
destined for ports greater than 1023 (except X, etc) as long as you are 
confident that there are no services available on non-privileged ports, 
and never will be any such services.

I thought the statistics always said the most likely attacks come from
the inside.  Doesn't that mean we should make sure the outbound channels
are at least logged, so we will find out about new services on non-privileged
ports?

- Mac Allen   jma21624 @ usav01 . glaxo . com
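
Added example, not part of the original message: the policy discussed above rests on no service listening on a non-privileged port, so this Python sketch audits that assumption on one host. It assumes Linux /proc/net/tcp formatting; the sample table, the baseline set and the function names are constructed for illustration.

```python
import socket
import struct

LISTEN = "0A"               # TCP LISTEN state code in /proc/net/tcp
FIRST_UNPRIVILEGED = 1024   # ports above 1023 are non-privileged

# Constructed sample in /proc/net/tcp layout (not taken from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 1002 1
   2: 00000000:1770 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003 1
   3: 00000000:141F 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 1004 1
   4: 0A00000A:C350 0B00000A:0016 01 00000000:00000000 00:00000000 00000000  1000        0 1005 1
"""


def parse_listeners(text):
    """Return (ip, port, uid) for every socket in LISTEN state."""
    listeners = []
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 8 or fields[3] != LISTEN:
            continue                            # established, closing, etc.
        hex_ip, hex_port = fields[1].split(":")
        # The address is a little-endian 32-bit hex word; the port is plain hex.
        ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
        listeners.append((ip, int(hex_port, 16), int(fields[7])))
    return listeners


def exposed_unprivileged(listeners, baseline):
    """Listeners on ports > 1023, reachable off-host, and not in the baseline."""
    return sorted(
        (ip, port, uid)
        for ip, port, uid in listeners
        if port >= FIRST_UNPRIVILEGED
        and not ip.startswith("127.")           # loopback-only is not exposed
        and port not in baseline
    )


if __name__ == "__main__":
    # Port 6000 (X) is baselined here because the filter blocks it explicitly.
    for ip, port, uid in exposed_unprivileged(parse_listeners(SAMPLE), {6000}):
        print(f"unexpected listener {ip}:{port} owned by uid {uid}")
```

Run periodically against the real /proc/net/tcp, any output marks a service that the "nothing listens above 1023" assumption did not account for.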


