Great Circle Associates Firewalls
(December 1992)
 


Subject: Re: Notes from Firewalls BOF at USENIX LISA Conference
From: smb @ research . att . com
Date: Thu, 03 Dec 92 11:39:21 EST
To: Brent Chapman <brent @ GreatCircle . COM>
Cc: Firewalls @ GreatCircle . COM

	 I haven't looked at NTP yet; none of the clients I've set up firewalls
	 for have requested it.  If it uses a random port for one end of the
	 connection, I don't see any safe way to let NTP traffic through a
	 firewall that only looks at destination addresses; if you do, you'll
	 also end up exposing all RPC-based services, like YP and so forth.

The essential use of ntp -- keeping time synchronization -- uses port 123
on both ends.  But other uses -- queries to remote time servers, or
forcing the right time when rebooting -- use random inside ports.
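
The port behaviour discussed in this message, modelled as an added example that is not part of the original message or of any firewall product: a stateless inbound UDP filter evaluated against three constructed rule sets. The rule sets, the sample packets and port 40123 (standing in for an inside RPC service on a dynamically assigned port) are assumptions made for illustration.

```python
# Added example (not from the original message): a stateless inbound UDP
# filter, first match wins, default deny. All rule sets are constructed.
from typing import NamedTuple, Tuple

ANY = (0, 65535)
HIGH = (1024, 65535)  # unprivileged range: random client ports, RPC services
NTP = (123, 123)

class Rule(NamedTuple):
    action: str
    src: Tuple[int, int]  # inclusive source-port range
    dst: Tuple[int, int]  # inclusive destination-port range

def decide(rules, src_port, dst_port):
    """Return the action of the first rule matching an inbound UDP packet."""
    for r in rules:
        if r.src[0] <= src_port <= r.src[1] and r.dst[0] <= dst_port <= r.dst[1]:
            return r.action
    return "deny"

# Time synchronization only: port 123 on both ends.
SYNC_ONLY = [Rule("allow", NTP, NTP)]
# Also admit replies to queries sent from random inside ports.
SYNC_AND_QUERIES = SYNC_ONLY + [Rule("allow", NTP, HIGH)]
# A filter that can match on the destination only.
DST_ONLY = [Rule("allow", ANY, NTP), Rule("allow", ANY, HIGH)]

# Constructed inbound packets: (label, source port, destination port).
# 40123 stands in for an inside RPC service on a dynamically assigned port.
PACKETS = [
    ("sync", 123, 123),
    ("query_reply", 123, 34567),
    ("rpc_from_123", 123, 40123),
    ("rpc_from_any", 5555, 40123),
]

def evaluate(rules):
    """Map each sample packet label to the filter's decision."""
    return {label: decide(rules, s, d) for label, s, d in PACKETS}

if __name__ == "__main__":
    for name, rules in [("SYNC_ONLY", SYNC_ONLY),
                        ("SYNC_AND_QUERIES", SYNC_AND_QUERIES),
                        ("DST_ONLY", DST_ONLY)]:
        print(name, evaluate(rules))
```

Without connection state the filter gives `query_reply` and `rpc_from_123` the same decision, so only the 123-to-123 rule set keeps the high ports closed.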

