Picked up "Firewalls and Internet Security" the other day (Cheswick
& Bellovin). Great book! Anyway today I read a part that seems to
elude me.
In section 3.3.8 the authors mention that it would be wise to filter
_outbound_ UDP packets, since the responses you get could be dangerous.
I'm not sure I understand how filtering outbound makes a difference
here, since these "response" packets could have just as easily been sent
to your machine whether or not you sent anything to those hosts to begin
with.
The book uses an example of a high-numbered local UDP port sending a
packet to port 7 of a remote machine. That machine then responds to
your high local port, which in the example is 2049.
What good does filtering output do? That packet to port 2049 could be
sent regardless of whether you provoked it.
Can someone help me make sense out of this? Thanks.