Great Circle Associates Firewalls
(March 1993)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: archie and UDP
From: Amos Shapira <amoss @ cs . huji . ac . il>
Date: Fri, 05 Mar 1993 11:06:15 +0200
To: firewalls @ GreatCircle . COM
In-reply-to: Your message of Wed, 3 Mar 93 19:03:45 PST . <9303040303 . AA22705 @ ICD . Teradyne . COM>

In message <9303040303 .
 AA22705 @
 ICD .
 Teradyne .
 COM> jxh @
 icd .
 teradyne .
 com (Jim
Hickstein)  write:
|My archie client seems to want me to let UDP packets to ports >1000
|through my router to/from my firewall.  Isn't this a Bad Idea?  Must I
|tell my users that they should telnet somewhere, instead?

The Archie servers listens on port 1525,  so I guess that if you just allow
this port to/from certian archie servers then you are pretty covered, though
this could still be a hole.  Also it shouldn't be a big problem to proxy this
service.

Another option,  which I'm not sure how practical it is,  is to purchase
an Archie "client server",  this is a telnet client to which you connect and
ask querys,  the "server" connects through prospero to a "real" Archie server.
You should be able to get more info from bajan @
 bunyip .
 com .
 

Hope this helps,

--Amos Shapira

CS System Group, Hebrew University, Jerusalem, Israel
amoss @
 cs .
 huji .
 ac .
 il



References:
Indexed By Date Previous: Re: Appletalk through firewalls.
From: johng @ weema . chi . uwa . edu . au (John Gibbins)
Next: Re: archie and UDP
From: tim @ canon . co . uk (Tim F O'Donoghue)
Indexed By Thread Previous: archie and UDP
From: jxh @ ICD . Teradyne . COM (Jim Hickstein)
Next: Re: archie and UDP
From: tim @ canon . co . uk (Tim F O'Donoghue)

Google
 
Search Internet Search www.greatcircle.com