On Mon, Jan 31, 2000 at 02:35:38PM +0100, Julien Stern wrote:
> I'm wondering if such a rule isn't very dangerous in fact.
> Suppose that a port (say telnet) is open on the firewall,
> so that I can telnet from inside, but blocked for the
> outside world. Isn't it possible to hack a telnet client
> so that it connects FROM port 53 (domain) to my telnet port?

I think so.

> If so, what should I do? Should I specify that I only allow

NEVER install telnet on your firewall. If you really want to work remotely use ssh.

> packet coming from port 53 _and_ from the addresses of
> my ISP DNSs? Even in this case, I would have to trust these

Yes, that is better of course. Also you can add the destination port which is 1024:65535 in your case.

> computers. Is there a really bullet-proof setup?

I don't think anything is bullet proof. I will upload spf in the next few days. You might want to take a look at it since it allows only backward packets from the machine you connected and also only on the port your query originated from.

Michael

-- 
Michael Meskes                        | Go SF 49ers!
Th.-Heuss-Str. 61, D-41812 Erkelenz   | Go Rhein Fire!
Tel.: (+49) 2431/72651                | Use Debian GNU/Linux!
Email: [email protected]              | Use PostgreSQL!
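The three filter policies discussed in this exchange, as an added illustration that is not part of the thread and not the spf tool Michael mentions: a stateless "accept anything from source port 53" rule, the tightened rule (ISP resolver addresses plus destination ports 1024:65535), and a stateful filter that admits only a reply from the host and port we actually queried, back to the port we queried from. All addresses, ports and packets are constructed sample values; the Packet class and the function names are assumptions made for this sketch.

```python
"""Added illustration (not from the thread): compare a stateless
source-port-53 rule, the tightened rule, and a stateful reply filter.
All hosts, ports and packets below are constructed sample values."""

from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str  # "tcp" or "udp"


FIREWALL_IP = "192.0.2.1"        # constructed: the firewall's outside address
ISP_DNS = {"198.51.100.53"}      # constructed: the ISP's resolver addresses


def stateless_allow(p: Packet) -> bool:
    """The rule from the question: any packet from source port 53 is let in."""
    return p.dst_ip == FIREWALL_IP and p.src_port == 53


def tightened_allow(p: Packet) -> bool:
    """The reply's two extra constraints: the packet must come from one of
    the ISP resolvers and be aimed at an unprivileged destination port."""
    return (p.dst_ip == FIREWALL_IP and p.src_port == 53
            and p.src_ip in ISP_DNS and 1024 <= p.dst_port <= 65535)


class StatefulFilter:
    """Remembers the queries we sent out and admits only matching replies:
    same protocol, from the host and port we asked, to the port we asked from."""

    def __init__(self) -> None:
        self.pending: set = set()

    def outbound(self, p: Packet) -> None:
        # Record (proto, remote host, remote port, our local port).
        self.pending.add((p.proto, p.dst_ip, p.dst_port, p.src_port))

    def inbound_allow(self, p: Packet) -> bool:
        key = (p.proto, p.src_ip, p.src_port, p.dst_port)
        if key not in self.pending:
            return False            # nobody inside asked this host for anything
        if p.proto == "udp":
            self.pending.discard(key)   # one answer per UDP query, then close
        return True


def demo() -> dict:
    """Run the three policies over one real lookup and two hostile packets."""
    fw = StatefulFilter()
    # 1. A real lookup: the firewall asks the ISP resolver from local port 4242.
    query = Packet(FIREWALL_IP, 4242, "198.51.100.53", 53, "udp")
    fw.outbound(query)
    reply = Packet("198.51.100.53", 53, FIREWALL_IP, 4242, "udp")
    # 2. The case from the question: an outside host sends from port 53 to
    #    the firewall's telnet port (23).
    outsider = Packet("203.0.113.9", 53, FIREWALL_IP, 23, "tcp")
    # 3. The "I would have to trust these computers" case: traffic from the
    #    ISP resolver itself, from port 53, to a high port we never used.
    from_resolver = Packet("198.51.100.53", 53, FIREWALL_IP, 6000, "tcp")
    return {
        "reply_stateless": stateless_allow(reply),              # True
        "outsider_stateless": stateless_allow(outsider),        # True: the hole
        "outsider_tightened": tightened_allow(outsider),        # False
        "from_resolver_tightened": tightened_allow(from_resolver),  # True: still trusts the resolver
        "reply_stateful": fw.inbound_allow(reply),              # True
        "outsider_stateful": fw.inbound_allow(outsider),        # False
        "from_resolver_stateful": fw.inbound_allow(from_resolver),  # False
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:26s} {'ACCEPT' if allowed else 'DROP'}")
```

The stateful table is what removes the remaining trust in the resolver: a packet from the ISP's DNS server is still dropped unless it answers a query that left the firewall, on the very port it left from. Real packet filters also expire table entries and handle TCP connection close; both are left out here to keep the comparison readable.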

