I do not use these all. :-) BTW the second number listed is the use count. As you see only ftp is in use now. But some of my users have used vdolive and of course irc. Also we wanted to try cuseeme.

Anyway, I don't think restricting ftp to passive is a good idea. While I agree that it is for security reasons it certainly is not for user friendliness. There's more to ftp than using a browser to access some files. There are quite some programs, libraries and scripts that use ftp. And not all are configurable. I think we shouldn't act as if we were on an island. We will get users who ask for these services and I prefer a firewall that has been constructed with these in mind.

Michael

--
Dr. Michael Meskes, Project-Manager | topsystem Systemhaus GmbH
[EMAIL PROTECTED]                   | Europark A2, Adenauerstr. 20
[EMAIL PROTECTED]                   | 52146 Wuerselen
Go SF49ers! Go Rhein Fire!          | Tel: (+49) 2405/4670-44
Use Debian GNU/Linux!               | Fax: (+49) 2405/4670-10

> -----Original Message-----
> From: Henry Hollenberg [SMTP:[EMAIL PROTECTED]
> Sent: Thursday, March 05, 1998 3:23 PM
> To: Meskes, Michael
> Subject: RE: Start up scripts
>
> > ip_masq_vdolive 1 0
> > ip_masq_quake 1 0
> > ip_masq_ftp 1 2
> > ip_masq_raudio 1 0
> > ip_masq_irc 1 0
> > ip_masq_cuseeme 1 0
> >
> > You could get rid of them if you don't want to allow the program to
> > be used or add a proxy for it.
>
> I was planning on using passive ftp clients and allowing this in and out
> with IP filters....seemed like a lot less hassle and the browsers
> (Netscape) support this already.
>
> Now the others, boy, you're having some fun....I imagine when I get this
> firewall done, you and I are going to have to talk! :-). That sounds like
> some neat stuff to try out.
>
> But, for now, I think I must be more conservative....I've got this
> Corporation and Hospital that aren't going to be real sympathetic with my
> need to do irc, etc.... (I know it's important, but it's tough to convince
> them sometimes....do you guys have to reuse your styrofoam coffee
> cups....just wondering....:-)
>
> I guess when that time comes I'd be more inclined to proxy those
> services.
> I'd really like to follow the book for now and keep the kernel
> non-modulated if at all possible.
>
> Later on we ought to be able to tinker with variations on the
> specification and start the most valuable phase of the project in my
> opinion....accruing stats on exploits to "standard" firewall setups. This
> information ought to be very valuable. But first you've got to have a
> standard that data can be collected on so we can compare apples to
> apples.
>
> hgh
>
> --
> E-mail the word "unsubscribe" to [EMAIL PROTECTED]
> TO UNSUBSCRIBE FROM THIS MAILING LIST. Trouble? e-mail to
> [EMAIL PROTECTED] .

