Hello, 

UDP = IP protocol 17
TCP = IP protocol 6

Do not allow UDP to pass; in general, allow the TCP protocol only.

Note that Microsoft PPTP uses IP protocol 47 and IPSec uses IP protocol
50.

You should be aware that there is no meaning in sending packets to a
partner not listening for them. So if you are sending an outbound request,
then you are submitting information about the server and the client: IP
addresses, protocol number, client and server port numbers, etc., in the IP
packet.

So the client will listen for a while on its designated client port for a
server response. If the client doesn't listen on the assigned client port,
then the "response" packet will be meaningless regardless of its content.

Regards, Axel
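A toy packet filter, added here as an illustration and not code from either message, that reduces the question to two policies over constructed packets: one that permits outbound UDP (and so, on the stateless filter of the book's era, must admit inbound UDP to high ports for the replies) and the TCP-only policy the reply above recommends. The addresses, the stateless filter model and the 1024 port threshold are assumptions.

```python
from dataclasses import dataclass

# IP protocol numbers quoted in the reply above
IPPROTO_TCP = 6
IPPROTO_UDP = 17
IPPROTO_GRE = 47   # carries Microsoft PPTP
IPPROTO_ESP = 50   # IPSec ESP
INSIDE = "192.0.2.10"   # constructed address of the protected host

@dataclass(frozen=True)
class Packet:
    """The fields an outbound request exposes: protocol, addresses, ports."""
    proto: int
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

    def outbound(self) -> bool:
        return self.src_ip == INSIDE

def permit_udp_stateless(pkt: Packet) -> bool:
    """Policy that lets outbound UDP through.  UDP has no handshake, so a
    stateless filter must also admit inbound UDP to high ports for replies,
    and it cannot tell a real reply from an unsolicited packet."""
    if pkt.proto == IPPROTO_TCP:
        return True
    if pkt.proto == IPPROTO_UDP:
        return pkt.outbound() or pkt.dst_port >= 1024
    return False

def tcp_only(pkt: Packet) -> bool:
    """Policy from the reply: TCP only.  With no outbound UDP request there
    is no reply to wait for, so no inbound UDP hole is needed at all."""
    return pkt.proto == IPPROTO_TCP

def verdicts(policy, packets):
    """Apply a policy to each packet; True means the packet is passed."""
    return [policy(p) for p in packets]

# Constructed traffic: the book's echo example (local UDP port 2049 to remote
# port 7), the reply it provokes, an unsolicited packet aimed at port 2049
# that nobody provoked, and an ordinary outbound TCP connection for comparison.
ECHO_REQUEST = Packet(IPPROTO_UDP, INSIDE, 2049, "198.51.100.7", 7)
ECHO_REPLY = Packet(IPPROTO_UDP, "198.51.100.7", 7, INSIDE, 2049)
UNSOLICITED = Packet(IPPROTO_UDP, "203.0.113.9", 7, INSIDE, 2049)
WEB_SYN = Packet(IPPROTO_TCP, INSIDE, 40000, "198.51.100.80", 80)
TRAFFIC = [ECHO_REQUEST, ECHO_REPLY, UNSOLICITED, WEB_SYN]
```

Under the first policy the unsolicited packet to port 2049 is passed exactly like the genuine reply, because the filter has nothing but port numbers to go on; under the second, neither is admitted, which is what blocking outbound UDP buys.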


-----Original Message-----
From: Jim Breton [mailto:[EMAIL PROTECTED]]
Sent: 15 November 2000 03:32
To: [EMAIL PROTECTED]
Subject: Blocking _outbound_ udp


Picked up "Firewalls and Internet Security" the other day (Cheswick
& Bellovin).  Great book!  Anyway today I read a part that seems to
elude me.

In section 3.3.8 the authors mention that it would be wise to filter
_outbound_ UDP packets, since the responses you get could be dangerous.

I'm not sure I understand how filtering outbound makes a difference
here, since these "response" packets could have just as easily been sent
to your machine whether or not you sent anything to those hosts to begin
with.

The book uses an example of a high-numbered local UDP port sending a
packet to port 7 of a remote machine.  That machine then responds to
your high local port, which in the example is 2049.

What good does filtering output do?  That packet to port 2049 could be
sent regardless of whether you provoked it.

Can someone help me make sense out of this?  Thanks.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]