Great Circle Associates Firewalls
(January 1995) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: FTP through firewall
From: bobk @ manzanita . DEV . 3Com . COM (Bob Konigsberg)
Date: Sat, 14 Jan 95 21:52:23 PST
To: jharvey @ netcom . com
Cc: firewalls @ greatcircle . com 
Good sets of filtering only allow ports 1024-2000 incoming when the destination
port is that, AND the source port is 20 or 21 (ftp-data, ftp-control), and
then tie that to the addressing so that only applies to an inbound packet.

Outgoing packets would reverse that with the source port being > 1023 and
the destination port being 20/21.

For more details, read Brent Chapman's paper and (This is unsolicited, Really!),
take his seminar.  It will open your eyes.  He's running an ad in the current
issue of Internet magazine.

BobK
Indexed By Date Previous: Re: Sendmail & DNS? Secure enough for a firewall?
From: "Brent E. Boyko" <bboyko @ brent . LLU . EDU>
Next: IP Forwarding and Source Routing on AIX
From: hharamis @ cohesive . com
Indexed By Thread Previous: FTP through firewall
From: Justin Harvey <jharvey @ netcom . com>
Next: Re: FTP through firewall
From: Kenneth Smith <Kenneth_Smith @ countrywide . com>
Google
 
Search Internet Search www.greatcircle.com