We use an IP packet filtering firewall between our internal network and
the internet.  Our goal is to allow any outgoing connections but
disallow all incoming connections except SMTP.

So far TCP has been pretty easy to configure, since you can explicitly
filter based on whether the connection originated inside or outside our
internal network.

However, UDP & ICMP are harder because you don't know whether or not
such incoming packets are related to an internally initiated session
(such as ping, traceroute, DNS servers, or DNS clients).

I found that if I enable all incoming ICMP packets and UDP packets >=
port 1024, everything works OK.

My question:  Are there security risks in allowing incoming ICMP and
UDP >= 1024 packets for Windows-based systems?

Thanks,
Jim Yonan
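
Added example, not part of the original post: a small Python model of the rule described above (all inbound ICMP, inbound UDP to ports >= 1024) next to a filter that keeps a table of internally initiated UDP/ICMP exchanges, to show which inbound packets each one admits. The state table goes beyond the filter the post describes; the names Packet, stateless_allow, StatefulFilter and compare, the addresses, and the 30-second timeout are all assumptions made for illustration.

```python
# Added example, not from the post; addresses and 30 s timeout are assumed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str     # "udp" or "icmp"
    src: str
    sport: int     # UDP source port; for ICMP echo, the echo identifier
    dst: str
    dport: int     # UDP destination port; for ICMP echo, the echo identifier
    inbound: bool  # True if arriving from the internet side
    time: float    # seconds since start of capture

def stateless_allow(pkt):
    """Rule from the post: all inbound ICMP, inbound UDP to ports >= 1024."""
    return (not pkt.inbound) or pkt.proto == "icmp" or (
        pkt.proto == "udp" and pkt.dport >= 1024)

class StatefulFilter:
    """Admit inbound UDP/ICMP only as a reply to a recent outbound packet."""
    def __init__(self, timeout=30.0):
        self.timeout = timeout
        self.flows = {}  # (proto, in_ip, in_port, out_ip, out_port) -> last seen

    def allow(self, pkt):
        if not pkt.inbound:  # outbound: always allowed, and remembered
            self.flows[(pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)] = pkt.time
            return True
        key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        seen = self.flows.get(key)
        if seen is None or pkt.time - seen > self.timeout:
            return False     # no matching outbound packet, or flow expired
        self.flows[key] = pkt.time
        return True

def compare(packets):
    # One (stateless verdict, stateful verdict) pair per packet, in order.
    fw = StatefulFilter()
    return [(stateless_allow(p), fw.allow(p)) for p in packets]

SAMPLE = [  # constructed traffic; the inside host is 192.0.2.10
    Packet("udp", "192.0.2.10", 40000, "198.51.100.53", 53, False, 0.0),   # DNS query
    Packet("udp", "198.51.100.53", 53, "192.0.2.10", 40000, True, 0.1),    # its reply
    Packet("udp", "203.0.113.7", 5000, "192.0.2.10", 4000, True, 1.0),     # unsolicited
    Packet("icmp", "203.0.113.7", 9, "192.0.2.10", 9, True, 2.0),          # unsolicited
    Packet("udp", "198.51.100.53", 53, "192.0.2.10", 40000, True, 60.0),   # stale reply
]

if __name__ == "__main__":
    print(compare(SAMPLE))
```

The model matches ICMP only by echo identifier. ICMP errors such as the time-exceeded messages traceroute relies on arrive from intermediate routers, so a real tracker has to match them on the original header embedded in the error, which this sketch does not do.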