Great Circle Associates Firewalls
(July 1994)
 


Subject: Re: UDP thru Firewall (Was: Prospero protocol and filters)
From: Aydin Edguer <edguer @ MorningStar . Com>
Date: Thu, 21 Jul 1994 16:24:08 -0400 (EDT)
To: firewalls @ greatcircle . com
In-reply-to: <9407211024 . aa08274 @ duke . group1 . com> from "Ken Jones" at Jul 21, 94 10:24:38 am

Ken Jones writes:
> My understanding is letting in udp packets on ports >1023 is generally
> safe, as the only listeners on those ports are clients such as archie
> waiting for a specific response.

This does not agree with my experience.  This assumes that the intruder
will not find a bug in another service permitting them to start a server
inside your network to listen on a port >1023.

For example, they might exploit an un-repaired (or unknown) sendmail
problem to deposit an FSP server on your system to which they can then
connect and pick up password files, proprietary documents, etc.
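
An added example, not part of the original post: a small Python model comparing the port-number rule from the quoted text with a filter that admits inbound UDP only as the reply to a request sent from inside. The packet fields, addresses, ports and the `ReplyOnlyFilter` name are constructed for illustration, and the reply-matching filter is an assumption about how "a specific response" could be enforced, not something the thread proposes.

```python
from collections import namedtuple

# direction: "out" = leaving the inside network, "in" = arriving from outside
Packet = namedtuple("Packet", "direction src sport dst dport")

def port_rule_allows(pkt):
    """The rule from the quoted text: admit any inbound UDP to a port > 1023."""
    return pkt.direction == "out" or pkt.dport > 1023

class ReplyOnlyFilter:
    """Admit inbound UDP only when it answers a request an inside host sent."""
    def __init__(self):
        self.pending = set()  # reverse flows expected as replies (no expiry in this model)

    def allows(self, pkt):
        if pkt.direction == "out":
            # Record the flow a legitimate reply would arrive on.
            self.pending.add((pkt.dst, pkt.dport, pkt.src, pkt.sport))
            return True
        return (pkt.src, pkt.sport, pkt.dst, pkt.dport) in self.pending

# Constructed traffic (documentation addresses, made-up ports).
TRAFFIC = [
    # An inside client sends a query and waits on its high port.
    Packet("out", "192.0.2.10", 40001, "198.51.100.5", 1525),
    # The specific response that client is waiting for.
    Packet("in", "198.51.100.5", 1525, "192.0.2.10", 40001),
    # Unsolicited packet to a high port where no inside client sent a request.
    Packet("in", "203.0.113.9", 3000, "192.0.2.20", 2121),
]

def evaluate(traffic):
    """Return (port_rule_verdict, reply_only_verdict) for each packet in order."""
    reply_only = ReplyOnlyFilter()
    return [(port_rule_allows(p), reply_only.allows(p)) for p in traffic]

if __name__ == "__main__":
    for pkt, (by_port, by_reply) in zip(TRAFFIC, evaluate(TRAFFIC)):
        print(pkt, "| port rule:", by_port, "| reply only:", by_reply)
```

The third packet passes the port-number rule because the rule looks only at the destination port, not at whether anything inside asked for it.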

