Gary A. Blum relates in a previous message:
>
...
> My question is as follows... Is it still necessary (or advisable) to also
> configure the router to reject messages that are directed to potentially
> dangerous ports, even though no proxies corresponding to those ports exist
> on the bastion? For example, if tftp is not running on the host, is it still
> necessary to block UDP Port 69 on the Screening Router? Thanks.
>
In a paper from research.att.com (I think??), the authors suggest
that one should consider logging such attempts and then handle it just
as if the service is not provided. That way the log may give more clues
regarding break-in attempts. If I remember rightly, they tacitly
encourage this method during the setup of a firewall, so that you can train
yourself as to how crackers attempt a break-in. After a while, this method
becomes less important. But by then, you can make a more intelligent
decision.
I apologize for not being able to remember the name of the paper(s).
They (it) had something to do with ``buferd''. I also hope I have
the information correct. Others, please step in if necessary.
--
"Gigabyte here, gigabyte there,
pretty soon you're talking real memory."
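An added example, not part of the thread, of the "reject it, log it, then look at the log" approach described in the reply above: a small Python script that reads screening-router deny records and counts, per source address, attempts aimed at ports the bastion has no proxy for (UDP 69/tftp being the port from the question). The record format and the sample lines are constructed for this example and do not correspond to any particular router.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of a screening router's "deny and log" records (a simplified,
# syslog-like shape assumed for this example, not any real router's format).
SAMPLE_LOG = """\
Mar  3 02:11:07 screen deny udp 198.51.100.7:40321 -> 192.0.2.10:69
Mar  3 02:11:09 screen deny udp 198.51.100.7:40322 -> 192.0.2.10:69
Mar  3 02:11:31 screen deny tcp 198.51.100.7:40400 -> 192.0.2.10:111
Mar  3 02:15:44 screen deny udp 203.0.113.5:51000 -> 192.0.2.10:69
Mar  3 02:20:02 screen permit tcp 203.0.113.9:51234 -> 192.0.2.10:25
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ (?P<action>deny|permit) "
    r"(?P<proto>udp|tcp) (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Ports the bastion has no proxy for. The router rejects them anyway and logs the
# attempt, so a hit here is a probe rather than a misdirected legitimate client.
UNSERVED_PORTS = {("udp", 69): "tftp", ("tcp", 111): "sunrpc"}

def parse_line(line):
    """Return a dict of fields for one record, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    return rec

def probes(log_text):
    """Map each source address to a Counter of unserved services it was denied on."""
    hits = defaultdict(Counter)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["action"] != "deny":
            continue
        service = UNSERVED_PORTS.get((rec["proto"], rec["dport"]))
        if service is not None:
            hits[rec["src"]][service] += 1
    return hits

def noisy_sources(log_text, threshold=2):
    """Sources whose total probe count reaches the threshold, most active first."""
    hits = probes(log_text)
    ranked = sorted(hits.items(), key=lambda kv: -sum(kv[1].values()))
    return [src for src, c in ranked if sum(c.values()) >= threshold]
```

Permitted traffic and ports with a real proxy behind them are ignored on purpose, so the output is only the "service not provided" noise the reply suggests studying.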