(Another country heard from) Scott, that's an excellent description of how a firewall that does stateful inspection works, but is wrong if it's just a packet filter. I'll readily admit that anything called a firewall *should* do stateful inspection, but Jeff didn't specify the tool.

As Kevin pointed out, allowing out ports below 1024 should not be necessary, except 80/tcp and udp/53 and tcp/53. Lots of people block tcp/53 intending to block DNS zone transfers, but I read (here, I think) that long text responses from DNS servers will be in TCP instead of UDP.

I allow most but not all ICMP traffic if I can. If I can't restrict it, then I let all ICMP in. Blocking it all is commonly done to reduce some of the hacker and viral traffic to your server, but I prefer that ping and traceroute work.

Andrew 8)

-----Original Message-----
From: R. Scott Perry [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 25, 2004 5:33 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] TCP/UDP ports

>ON A WINDOWS MACHINE THE OUTGOING PORTS ARE BETWEEN 1024 AND 5000 BY DEFAULT.

However, a firewall won't care about the outgoing ports when a connection is made to a server. For example, if you block all outgoing ports except port 80 (to allow WWW connections from local computer to servers on the Internet), the client will use a port between 1024 and 5000. *But*, the firewall will still allow the connection to go through (since it is *to* port 80). Therefore, it is never necessary to tell a firewall about ports 1024 and 5000.

-Scott

---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000.
Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
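The difference Andrew and Scott are discussing, a plain packet filter versus a stateful firewall deciding whether the return half of an outbound connection gets in, can be made concrete with a small simulation. This is an added example, not code from the thread or from Declude; the IP addresses are constructed from documentation ranges, the `Packet` class and the two evaluators are hypothetical toy models, and the 1024-5000 client port range is the Windows default quoted in Scott's message. The rule set is the one Andrew describes: outbound 80/tcp, 53/udp and 53/tcp only.

```python
"""Toy comparison of a stateless packet filter and a stateful firewall.

Constructed example: both evaluators apply the egress policy from the thread
(allow out 80/tcp, 53/tcp, 53/udp) and then have to decide what to do with
inbound packets aimed at the client's ephemeral source ports.
"""
from dataclasses import dataclass

# Windows default client source-port range quoted in the thread (1024..5000).
EPHEMERAL = range(1024, 5001)

# Egress policy from Andrew's message: (protocol, destination port).
ALLOWED_OUT = {("tcp", 80), ("tcp", 53), ("udp", 53)}


@dataclass(frozen=True)
class Packet:
    proto: str       # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    direction: str   # "out" = LAN -> Internet, "in" = Internet -> LAN
    syn: bool = False  # TCP connection start (SYN without ACK)


def stateless_filter(pkt: Packet) -> bool:
    """Plain packet filter: each packet is judged on its own header only."""
    if pkt.direction == "out":
        return (pkt.proto, pkt.dst_port) in ALLOWED_OUT
    # Inbound: with no memory of what went out, the only way replies to the
    # client can get back in is a standing hole for the whole ephemeral range.
    # That same hole admits unsolicited packets aimed at those ports.
    return pkt.dst_port in EPHEMERAL


class StatefulFirewall:
    """Stateful inspection: outbound packets create connection entries,
    inbound packets are admitted only if they match an existing entry."""

    def __init__(self) -> None:
        # (proto, local_ip, local_port, remote_ip, remote_port)
        self.table: set[tuple] = set()

    def evaluate(self, pkt: Packet) -> bool:
        if pkt.direction == "out":
            if (pkt.proto, pkt.dst_port) not in ALLOWED_OUT:
                return False
            key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
            if pkt.proto == "tcp" and not pkt.syn:
                # Mid-stream TCP without a tracked connection is dropped.
                return key in self.table
            # The client's source port is recorded, never policy-checked:
            # this is Scott's point that the firewall need not know 1024-5000.
            self.table.add(key)
            return True
        # Inbound: flip the tuple and look it up; no ephemeral-range hole needed.
        key = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        return key in self.table


def run_scenario() -> dict[str, tuple[bool, bool]]:
    """Feed the same constructed traffic to both evaluators.

    Returns {name: (stateless_verdict, stateful_verdict)}."""
    client, web, dns, stranger = ("192.168.1.10", "203.0.113.5",
                                  "203.0.113.53", "198.51.100.7")
    traffic = [
        ("http-syn",       Packet("tcp", client, 1029, web, 80, "out", syn=True)),
        ("http-reply",     Packet("tcp", web, 80, client, 1029, "in")),
        ("dns-udp-query",  Packet("udp", client, 1030, dns, 53, "out")),
        ("dns-udp-reply",  Packet("udp", dns, 53, client, 1030, "in")),
        # Truncated answer retried over TCP: why Andrew keeps tcp/53 open.
        ("dns-tcp-retry",  Packet("tcp", client, 1031, dns, 53, "out", syn=True)),
        # Nobody inside asked for this; it merely targets an ephemeral port.
        ("unsolicited-in", Packet("tcp", stranger, 4444, client, 1032, "in", syn=True)),
        # Outbound SMTP is not in the policy, so both must refuse it.
        ("smtp-out",       Packet("tcp", client, 1033, web, 25, "out", syn=True)),
    ]
    fw = StatefulFirewall()
    return {name: (stateless_filter(p), fw.evaluate(p)) for name, p in traffic}


if __name__ == "__main__":
    for name, (stateless, stateful) in run_scenario().items():
        print(f"{name:15} stateless={'pass' if stateless else 'drop':4} "
              f"stateful={'pass' if stateful else 'drop'}")
```

Both evaluators agree on every legitimate packet, which is Scott's point: the client's 1024-5000 source port never appears in a policy rule. They disagree only on `unsolicited-in`, which is Andrew's caveat: a pure packet filter can only let replies back in by leaving the whole ephemeral range open to the Internet, while the stateful firewall admits a packet only when it matches a connection the inside host started.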
