Firewalls: Re: Restricting port access

Firewalls
(January 1997)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Restricting port access
From:	ormonde @ trem . cnt . org . br (Rodrigo Ormonde)
Date:	Fri, 10 Jan 1997 22:15:16 -0300 (GRNLNDST)
To:	tel1dvw @ is . ups . com (Dave Wreski)
Cc:	firewalls @ greatcircle . com
In-reply-to:	<Pine . GSO . 3 . 93 . 970110150731 . 1055E-100000 @ butthead> from "Dave Wreski" at Jan 10, 97 03:08:25 pm

> I understand it is important to explicitly define which ports are
> acceptable in a firewall, but I don't understand why.  If I have source
> and destination IP's defined, does it really make that much difference?
> 
> Thanks,
> Dave Wreski

  Yes, unless you want the remote IPs to be able to access all your services.
I'm sure you have some services that you don't want anybody outside your
network using: NFS, NIS, etc.
  Another point is that if someone attacks you via IP spoofing, he will be able 
to access all the services running on your machine.

-- 
Rodrigo de La Rocque Ormonde
e-mail: ormonde @
 cnt .
 org .
 br
PGP Public key: finger ormonde @
 cnt .
 org .
 br

References:

Restricting port access
From: Dave Wreski <tel1dvw @ is . ups . com>

Indexed By Date	Previous:	Re: Restricting port access From: Ryan Russell/SYBASE <Ryan . Russell @ sybase . com>
Indexed By Date	Next:	Reference: DNS forwarding to firewall From: "R. McMahon" <mcmr @ mailhost . net>
Indexed By Thread	Previous:	Restricting port access From: Dave Wreski <tel1dvw @ is . ups . com>
Indexed By Thread	Next:	Re: Restricting port access From: Ryan Russell/SYBASE <Ryan . Russell @ sybase . com>