Great Circle Associates Firewalls
(March 1995)
 


Subject: Router Settings
From: blumg @ ios . com (Gary A. Blum)
Date: Mon, 13 Mar 1995 23:20:40 -0500
To: firewalls @ greatcircle . com
Cc: csiegel @ interserv . com, siegelc @ cbc . com

We're considering a firewall design that combines a screening router with a
dual-homed bastion host running application-level gateways. We recognize the
need to configure the router to reject spurious messages, e.g., spoofing
attempts (à la CERT).

My question is as follows... Is it still necessary (or advisable) to also
configure the router to reject messages that are directed to potentially
dangerous ports, even though no proxies corresponding to those ports exist
on the bastion? For example, if tftp is not running on the host, is it still
necessary to block UDP Port 69 on the Screening Router? Thanks.

Regards,

        Gary
 


