Firewalls: Re: UDP thru Firewall (Was: Prospero protocol and filters)

Firewalls
(July 1994)

Indexed By Thread: [Previous] [Next]

Subject:	Re: UDP thru Firewall (Was: Prospero protocol and filters)
From:	Aydin Edguer <edguer @ MorningStar . Com>
Date:	Thu, 21 Jul 1994 16:24:08 -0400 (EDT)
To:	firewalls @ greatcircle . com
In-reply-to:	<9407211024 . aa08274 @ duke . group1 . com> from "Ken Jones" at Jul 21, 94 10:24:38 am

Ken Jones writes:
> My understanding is letting in udp packets on ports >1023 is generally
> safe, as the only listeners on those ports are clients such as archie
> waiting for a specific response.

This does not agree with my experience.  This assumes that the intruder
will not find a bug in another service permitting them to start a server
inside your network to listen on a port >1023.

For example, they might exploit an un-repaired (or unknown) sendmail
problem to deposit an FSP server on your system to which they can then
connect and pick up password files, proprietary documents, etc.

References:

Re: UDP thru Firewall (Was: Prospero protocol and filters)
From: Ken Jones <kenj @ group1 . com>

Indexed By Date	Previous:	Re: Firewalls From: Marcus J Ranum <mjr @ tis . com>
Indexed By Date	Next:	Re: UDP thru Firewall (Was: Prospero protocol and filters) From: Rens Troost <rens @ imsi . com>
Indexed By Thread	Previous:	Re: UDP thru Firewall (Was: Prospero protocol and filters) From: nreadwin @ london . micrognosis . com (Neil Readwin)
Indexed By Thread	Next:	Re: UDP thru Firewall (Was: Prospero protocol and filters) From: Rens Troost <rens @ imsi . com>