Some folks don't have a firewall, and so can run things like your software.

Other folks have firewalls as voodoo tokens; they figure the act of owning a
firewall makes them secure by definition, so they don't have to go through the
hassle of actually configuring it to protect themselves. They should also be
able to use your software just fine.

For folks who actually care about security for real, and have good security
policies implemented by properly-configured firewalls, software like yours is
not allowed in the door.

If you try, you can make your app work with outbound-only connections on a
single port. You can even do this without having a design with good security;
you could just tunnel full IP over a single outbound port. Not recommended if
you actually care about security --- but the point is, you don't need to tear
huge holes in the victim's firewall to make your app work, if you take care
when designing your protocol.

On those very, very rare occasions when someone actually has something useful
despite the fact that its designers didn't understand internet protocols and
security, the standard fix is for the victim to put a box out in the DMZ, and
rig the filtering rules so it has wide-open access to the perpetrator of the
protocol; then use a remote-execution tool like ssh (for Unix clients) or vnc
(for Windows clients) tunneled out through the firewall into the DMZ to allow
users to get at the perp's software from their desktops.

-Bennett
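The DMZ arrangement Bennett describes (desktops reach the sacrificial box only over ssh, the box has wide-open access to the badly-designed service, nothing initiates connections inward) can be written down as a first-match filter policy and audited before it is loaded onto a real firewall. The following is an added illustration, not code from the post or from any firewall product; the zone addresses are constructed documentation ranges and the rule evaluator is a simplified stand-in for a stateful packet filter.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed sample addressing (RFC 5737 documentation ranges), an assumption.
ZONES = {
    "internal": ip_network("10.0.0.0/24"),    # user desktops
    "dmz": ip_network("192.0.2.0/28"),        # the sacrificial box lives here
    "perp": ip_network("203.0.113.5/32"),     # host running the perp's protocol
}

@dataclass(frozen=True)
class Rule:
    src: str              # zone name or "any"
    dst: str
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # None means any destination port
    action: str           # "allow" or "deny"

# First match wins; anything unmatched is dropped (default deny).
# Reply traffic is assumed to be handled by connection tracking, so only the
# initiating direction of each flow is listed.
POLICY = [
    Rule("internal", "dmz", "tcp", 22, "allow"),  # ssh; vnc rides inside it
    Rule("dmz", "perp", "any", None, "allow"),    # wide open DMZ <-> perp
    Rule("perp", "dmz", "any", None, "allow"),
    Rule("any", "internal", "any", None, "deny"), # nothing initiates inward
]

def zone_of(ip: str) -> str:
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "external"

def decide(src_ip: str, dst_ip: str, proto: str, dport: int) -> str:
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    for r in POLICY:
        if (r.src in ("any", src) and r.dst in ("any", dst)
                and r.proto in ("any", proto) and r.dport in (None, dport)):
            return r.action
    return "deny"

def inbound_leaks(flows) -> list:
    """Audit helper: flows (src, dst, proto, dport) that the policy would let a
    host outside the internal zone initiate toward an internal desktop."""
    return [f for f in flows
            if zone_of(f[0]) != "internal" and zone_of(f[1]) == "internal"
            and decide(*f) == "allow"]
```

Running `inbound_leaks` over a list of candidate flows is the check a practitioner wants: the perp's host and the DMZ box must both come back empty-handed against the desktop network.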